Re: [AOLSERVER] Ruby module for AOLserver.
My cohort at work, Gene Rogers, is working on the Ruby module now. He's gotten it to run single-threaded, but hasn't tamed the multithreaded beast yet. /s -Original Message- From: AOLserver Discussion [mailto:[EMAIL PROTECTED]]On Behalf Of Chiriac Petrica Clement Sent: Monday, April 23, 2001 12:04 PM To: [EMAIL PROTECTED] Subject: [AOLSERVER] Ruby module for AOLserver. Hi, Exist Ruby module for AOLserver ? -- Petrica Clement Chiriac Web application developer Genesys Software Romania http://dev.genesys.ro
Re: [AOLSERVER] AOLServer+ACS+Java = AOLServer+TCL?
If the beans don't write to the database then ACID isn't even applicable. If they do write to the database, then they're doing it through the database access method and if the database is ACID compliant, so will be the writes; again, not applicable. If the data has been modified in the database and the bean hasn't been (sic) restarted, then your readers will not have the latest data. Be aware that if this read-only data is wrong and is used for an input form of some kind, ACID will work fine when the direct write to the database happens, but you'll be writing the wrong (bean-cached) data. I know beans, but I'm assuming in this context that they're caching database queries. /s. -Original Message- From: AOLserver Discussion [mailto:[EMAIL PROTECTED]]On Behalf Of Dossy Sent: Wednesday, May 02, 2001 3:33 PM To: [EMAIL PROTECTED] Subject: Re: [AOLSERVER] AOLServer+ACS+Java = AOLServer+TCL? On 2001.05.02, Tim Darling [EMAIL PROTECTED] wrote: EJBs can be ACID-compliant.. the key is you don't write new values to the beans. If a value needs to be updated, you write to the database and then kill and remake the bean. This way you're keeping the database as your sole data abstraction, and the beans are just a local mirror of some parts. You misunderstand the purpose of ACID, I think. What happens if the database update succeeds, but somewhere between the update and the kill/remake of the bean, the process fails? Now, the data is out of sync. Unless you can make the kill/remake of the bean as part of the database transaction (if the kill/remake of the bean doesn't happen, the whole operation gets rolled back) ... then it doesn't pass the ACID test. Or, am _I_ confused? - Dossy -- Dossy Shiobara mail: [EMAIL PROTECTED] Panoptic Computer Network web: http://www.panoptic.com/
[AOLSERVER] nsopenssl version 1.1 released
I've released version 1.1 of nsopenssl. You can get it from http://scottg.net The most important things: 40-bit browsers now work with SSLv3 and I've added three Tcl commands to get information about the current connection (what protocol, cipher, and the cipher strength being used). /s.
Re: [AOLSERVER] nsssl - openssl ?
Make sure your private key is not passphrase-protected; if it is, it'll fail to be loaded by the server. You can use openssl to take the passphrase off, but make sure you lock up this file so that only the server can read it (root will also be able to read it, obviously): openssl rsa -in key1.pem -out key2.pem The latest version is nsopenssl-1.1 and is available at http://scottg.net. You'll want to use this version, and it requires OpenSSL 0.9.6 or higher (though I haven't tested with 0.9.6a yet). /s. O.K, With a little Makefile and source hacking I got nsopenssl.so to build. (OPENSSL_free isn't in my version of OpenSSL, was it added later? [tclcmds.c]) Now my problem is that the module fails to load the certfile.pem. I created my own self-signed certificate using openssl, and from what I can tell it looks O.K. Has anyone tryed this before? I just think I'm missing something that my brain can't figure out. :-) P.S. The cert was generated from an unencrypted 3DES 1024-bit key if that helps any. Daniel P. Stasinski wrote: I was wondering if there was anything in the works to port nsssl from BSAFE to OpenSSL? It appears that getting your hands on BSAFE would be the first problem. Try nsopenssl at: http://scottg.net/webtools/opennsd/modules/nsopenssl/ Daniel P. Stasinski http://www.disabilities-r-us.com [EMAIL PROTECTED]
Re: [AOLSERVER] nsssl - openssl ?
I have test platform that contains everything necessary to compile and configure aolserver, nsopenssl, ssldump in a self-contained area to test in. If you can't get it working and you want to try out the test suite, I'll let you know how to download. /s. The keyfile was decrypted before I created the CSR. The server dies trying to load the signed (by me) certificate, even though: openssl x509 -noout -text -in certfile.pem Reguritates out the cert information O.K. I guess I failed to mention I'm using nsopenssl 1.1 I must have an older version of OpenSSL, since the OPENSSL_free stub isn't there. I'll try and upgrade OpenSSL and try again. Scott Goodwin wrote: Make sure your private key is not passphrase-protected; if it is, it'll fail to be loaded by the server. You can use openssl to take the passphrase off, but make sure you lock up this file so that only the server can read it (root will also be able to read it, obviously): openssl rsa -in key1.pem -out key2.pem The latest version is nsopenssl-1.1 and is available at http://scottg.net. You'll want to use this version, and it requires OpenSSL 0.9.6 or higher (though I haven't tested with 0.9.6a yet). /s. O.K, With a little Makefile and source hacking I got nsopenssl.so to build. (OPENSSL_free isn't in my version of OpenSSL, was it added later? [tclcmds.c]) Now my problem is that the module fails to load the certfile.pem. I created my own self-signed certificate using openssl, and from what I can tell it looks O.K. Has anyone tryed this before? I just think I'm missing something that my brain can't figure out. :-) P.S. The cert was generated from an unencrypted 3DES 1024-bit key if that helps any. Daniel P. Stasinski wrote: I was wondering if there was anything in the works to port nsssl from BSAFE to OpenSSL? It appears that getting your hands on BSAFE would be the first problem. Try nsopenssl at: http://scottg.net/webtools/opennsd/modules/nsopenssl/ Daniel P. Stasinski http://www.disabilities-r-us.com [EMAIL PROTECTED]
Re: [AOLSERVER] AOLServer and Mandrake Linux 8.0
There has to be something -- anyone have any ideas? Is there a 'hostid' command? Another shot in the dark: does *BSD have anything like /proc/cpuinfo on linux? 'cat'ing it out gives you the CPU info. It would be a bit of a mess to use in the Makefile, but if *BSD has something like it, it might work for what you're trying to do. Here's the info I get on a Linux box: /proc/cpuinfo dev-scottg cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 7 model name : Pentium III (Katmai) stepping: 3 cpu MHz : 498.862 cache size : 512 KB fdiv_bug: no hlt_bug : no sep_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pat pse36 mmx fxsr xmm bogomips: 996.15 /s.
Re: [AOLSERVER] AOLServer and Mandrake Linux 8.0
There has to be something -- anyone have any ideas? Is there a 'hostid' command? Another shot in the dark: is there anything like /proc/cpuinfo available? 'cat'ing it out gives you the CPU info. It would be a bit of a mess to use in the Makefile, but if you have access to something like it, it might work for what you're trying to do. Here's the info I get on a Linux box: /proc/cpuinfo dev-scottg cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 7 model name : Pentium III (Katmai) stepping: 3 cpu MHz : 498.862 cache size : 512 KB fdiv_bug: no hlt_bug : no sep_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pat pse36 mmx fxsr xmm bogomips: 996.15 /s.
Re: [AOLSERVER] WAP/SMS/I-Mode and AOLServer
Simon, your short article I think is very appropriate for this forum because there is little or no press for AOLserver/OpenNSD and how it's used to solve real-world problems, so it's instructive. Another recent example was the discussion of enterprise java beans and how they work. While not focused on AOLserver, it lets me know that there are people working on these things in AOLserver and that I can contact them directly for more info or to discuss it further. I'd like to hear more about how others are using and extending AOLserver. If others think it's inappropriate for this forum, then a separate forum should be set up, but I would HATE to see that happen because it'll just add more complexity. /s.
Re: [AOLSERVER] AOLserver 3.4 has been released!
AOLserver 4 is beta right now. Don't know how close it is to release, but I've tested the nsopenssl module against it and it serves pages. It's the default when you grab the CVS copy of the tree. /s. AOLserver 4 is mentioned in the Changelog - where can it be downloaded from? How stable is it? Regards, Jason -- Choose Free Mobile or Free Rental, Free Connection, with Free Smartbox, Free Calls, No Minimum Contract!!! For information and to order click over to http://www.iwantafreemobile.co.uk
Re: [AOLSERVER] nsv
No. NSV uses hashes so there really is no concept of a first key/value pair. /s. hi! My question is about nsv interface is there a way to get for example first key and value (that is not by key, but position) TIA Remigiusz -- ---/\- - Remigiusz Sokolowski e-mail: [EMAIL PROTECTED]/ \ -/\--- --
[AOLSERVER] AOLserver discussion forum is standing room only...
Get in while you still can. Go to http://scottg.net for a link to the AOLserver chat room. /s.
Re: [AOLSERVER] Sorry for the virus.
Hey, I did an rm -r /$dir once in a perl script where $dir happened to be inadvertently empty. I was root at the time too. That was a good lesson. You're not a stupid idiot. /s. Well, what can I say? Here is what I think happened. A Windows computer behind a SOCKS firewall got infected on June 30. I assigned this computer a public ip last night, allowing it to directly contact my mail server. Everyone in my Netscape account got an email, including this list. I apologize to all of you for being such an idiot. --Tom Jackson
Re: [AOLSERVER] SSL built fail BSAFE variable not dfind
Let me understand this correctly: In your next version, I'll be able to
ns_httpget (or some equivalent) an SSL site? I'm looking for this
functionality *right now*. Is something like this availible now in
AOLServer/TCL, or is yours the first?
Yes, Sort of, Maybe.
I'm implementing all of the equivalnent ns_sock* Tcl commands in nsopenssl,
include a C API. As of this moment I can make outgoing SSL connections and
fetch pages. I've implemented ns_httpsget and ns_httpsopen by copying and
modifying http.tcl to https.tcl. I've implemented Ns_FetchURL and
ns_geturl. ns_socklisten, is (mostly) working right now.
As far as I know this is the first real capability to do SSL from within
AOLserver; other methods rely on CGI but will work to fetch pages.
Here's an example Tcl script that fetches a page:
set fds [ns_openssl_sockopen 192.168.0.2 8001]
set rid [lindex $fds 0]
set wid [lindex $fds 1]
puts $wid GET / HTTP/1.0\r\n\r\n
flush $wid
while {[set line [string trim [gets $rid]]] != } {
lappend headers $line
}
set page [read $rid]
close $rid
close $wid
ns_log notice PAGE=$page
Here's another:
set hlist [ns_httpsopen GET https://192.168.0.2:8001;]
set rid [lindex $hlist 0]
set wid [lindex $hlist 1]
set setid [lindex $hlist 2]
ns_log notice RID=$rid WID=$wid SETID=$setid
set page [read $rid]
close $rid
close $wid
ns_log notice PAGE=$page
And another:
set page [ns_httpsget https://192.168.0.2:8001;]
ns_log notice PAGE=$page
The software is in beta right now. Expected release is as soon after next
weekend as possible.
/s.
Re: [AOLSERVER] Triple DES Encryption
No. nsopenssl only encrypts SSL traffic. It doesn't have the smarts yet to take a chunk of data and encrypt it and pass it back to you, though it's possible to add that functionality to the module. Right now, you could run a shell (ugh, I know) script that takes your data, runs it through openssl and returns the result to you. Unless you want to hack on the nsopenssl module and add the capability you need (which I'll gladly peer review and incorporate into the released version). Otherwise it'll have to wait until I've completed this iteration of the module. /s. From what I understand I would be needing to encrypt the data (text string) with 3DES and then I would put this encrypted string at the end of a HTTPS URL. The receiving end would then decrypt and use the text string. Would nsopenssl do this ? divney At 01:33 PM 7/23/01 -0400, Scott Goodwin wrote: If you're talking about 3DES over an SSL connection, nsopenssl can do that. If you're talking about 3DES to encrypt files on disk, in memory etc., nsopenssl doesn't do that...but it's an interesting idea which I've just added to my todo list. It would be useful to use be able to do: set rc [ns_openssl_crypt -cipher 3des -file /blah -password aoeu2345] /s. Hello, Not being that familiar with encryption, do there exist AOLServer TCL commands to handle Triple DES encryption ? I am thinking maybe via OpenSSL or ns_openssl, but I am not sure. I think I may have found a way to do this in Perl, but would rather do so in TCL. Thanks !! divney
Re: [AOLSERVER] Lynx/2.3 BETA crashes AOLserver 3.4 + nsvhr
FYI:
the From: header is a valid HTTP header. It's meant to pass the email
address of the individual on the client side to the server. The idea is
that if there are problems with the headers from the client, the server
admin can email the person listed in the From: header. It's supposed to be
used with the user's consent, but I'm pretty sure that it isn't used by
anyone (I guess this was before the Web became commercialized), and if the
From: header exists, it'll be empty.
/s.
Jerry Asher's vhr patch does seem to fix this bug as well,
but adds extra functionality at the same time.
That's an understatement!
Here's the
minimal patch for this problem:
# diff -Naur nsvhr.c.orig nsvhr.c
--- nsvhr.c.origMon Jul 30 07:45:04 2001
+++ nsvhr.c Mon Jul 30 07:45:29 2001
@@ -339,9 +339,9 @@
headers = Ns_ConnHeaders(conn);
host = Ns_SetIGet(headers, Host);
-Ns_StrToLower(host);
if (host != NULL) {
+Ns_StrToLower(host);
hePtr = Tcl_FindHashEntry(map, host);
}
I'll file this in SourceForge but I'd like to know what others
think before I go and fix it in CVS ...
I definitely think you should add this fix to SourceForge, but there is
the
question of what should be happening when a request with no host header
comes in.
I created a menuURL which is similar to the errorURL, but uh, different.
The idea is that no host headers would get redirected to a menuURL.
I can then build (manually or however) a menuURL page that enumerates the
hosts provided at the site and provides links COMPLETE with the nssock
port. This lets HTTP/1.0 hosts discover what sites are available and get
to the site they are looking for in a friendly fashion. This might be
done
with the errorURL as easily, but there are errorful conditions that can
occur in which I don't want to give the client browser a generic menu of
sites and do want to give them a more site specific, error condition
message.
At any rate, a HTTP/1.0 header should not crash nsvhr, but it's still not
clear what you do with it after it gets to nsvhr.
Jerry
=
Jerry Asher [EMAIL PROTECTED]
1678 Shattuck Avenue Suite 161Tel: (510) 549-2980
Berkeley, CA 94709Fax: (877) 311-8688
Re: [AOLSERVER] perms
I rolled my own in Tcl. It loads a file of usernames/passwords every 15 mins. It stores these in nsv arrays. Pretty simple, and fast enough. I have a request processor registered at preauth that checks a urlacls file that contains each ACL'd URL and causes a challenge to be issued based on the info in it. Why not use nsperms? Because it didn't fit my needs and was a bit too restrictive for me. I need to be able to check for a client SSL certificate first, then failover to username password. /s. At 10:56 AM 8/8/01, you wrote: How do I get Aolserver to recognize that a user has been manually updated in the passwd file on disk without restarting/HUPing the server? I have Skiplocks set to off in my config file (if its on and I try ns_passwdcheck it crashes the server hard without a log entry)... It would be really nice to be able to check this without having to build a proc to manually process the file each time a request is made and without the connectivity downtime caused by a server reload... Thanks I think you will need to create a custom module to do this for you. There is no code I am aware of that reloads the files off disk. Short of checking on each request, you may consider: A) A scheduled proc that checks/reloads every five minutes B) A web interface to the passwd file that reloads the file after updating it C) A web page/url that shell scripts could use to get the file reloaded for them: in other words if you have a shell script that updates the passwd file for you, the shell script could do an http request on something like /passwd-reload to get a tcl script within aol server to reload the passwd file Jerry = Jerry Asher [EMAIL PROTECTED] 1678 Shattuck Avenue Suite 161Tel: (510) 549-2980 Berkeley, CA 94709Fax: (877) 311-8688
Re: [AOLSERVER] ns_sock* TCL API
Hi Mark, ns_sock* commands are still there and will continue to be there; no plans I know of to deprecate them. I don't have much Windows experience, but as far as I know, others are using it fine. Try using the ns_sock* commands, and if you have problems, post your scripts to this forum and someone should be able to help you. /s. Hi all. I've been lurking on the list for a couple of days now. We're a development house trying to get AOLserver up and running as a platform-independent alternative to IIS. Can someone kindly enlighten me about ns_sockopen and related commands? I understand the documentation for them, but should I be using them? Or are they deprecated or obsolete since using Tcl 8.3 now? I have a page that is using the regular Tcl socket command to connect to a back-end host, and it's hanging AOLserver hard after about 5 min of inactivity. Any help appreciated... -- Mark Hubbard: [EMAIL PROTECTED] Microsoft Certified Professional Knowledge is Power.
Re: [AOLSERVER] Symbolic links and directoryfile
As far as I know, all requested URLs must be referenced via the pageroot. If you create a URL or a filesystem softlink that has an absolute path like /home/scott/myweb/file, and pageroot is set to /myweb, the server won't follow the link. I've made that mistake before both in Apache and AOLserver. It's the proper behavior. If someone does get that to work, I'd say it's a bug that needs to be fixed. That doesn't mean, however, that AOLserver itself cannot see or use files referenced via the absolute path, just that it cannot server files via HTTP outside of the pageroot. For example, you can point to an SSL cert via nsopenssl in the nsd.tcl file via an absolute filesystem path. If pageroot and the filesystem's root are the same, then it doesnt' matter, but you'd not want to do this. In the case of a chrooted server, the absolute path will still not work if your chroot top level dir is different from your pageroot setting. Hope this muddies the waters. /s. Is this enforced in AS 3.x? Your note says the web server cannot follow..., which is only true if it is chrooted or there is some server code checking links (I think). Jim Hi Ellen, every web server has what's called a pageroot, the directory in the filesystem where the web pages are served from. If the web server is going to be able to follow a soft link, that softlink must be a relative softlink rather than a fully-qualified path. Basically, you don't want your web server to be able to access any files outside of it web space (i.e. pageroot). This is ok: ln -s dir/subdir softlink This is ok: ls -s ../dir/subdir softlink This is NOT ok: ln -s /home/scott/dir/subdir softlink In the last case, the web server cannot follow the path because it begins outside of its pageroot, UNLESS your pageroot *is* set to /home. Let me know if you're still having problems with this, /s. -Original Message- From: AOLserver Discussion [mailto:[EMAIL PROTECTED]] On Behalf Of Ellen Spertus Sent: Sunday, August 19, 2001 9:44 PM To: [EMAIL PROTECTED] Subject: Re: [AOLSERVER] Symbolic links and directoryfile Thanks for the reply. Maybe you linked to a relative path incorrectly, or you linked to the absolute path rather than the path relative to the pageroot. I did link to an absolute path (/home/mailman/blahblah), which is not under pageroot. Is that not allowed? Ellen
Re: [AOLSERVER] installing AOL Server on WINDOWS!
If you don't put it on the list, please cc me for both the Windows install and PostgreSQL stuff. thanks, /s. Tell you what, I can walk you through that if you'll walk me through the same thing with PostGreSQL. I just did AOLserver last week, from the binaries, not the C source. If you need to compile it from the source I can't help you. Listers: would you want to see this on the list, or should we keep it in private email? -- Mark Hubbard: [EMAIL PROTECTED] Microsoft Certified Professional Knowledge is Power. -Original Message- From: rana deepti [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Wednesday, August 22, 2001 6:44 AM Subject: installing AOL Server on WINDOWS! hello! I'm very new to AOLServer. At present my application is in TOMCAT. I've installed postgresql on windows successfully. Now I want to use AOLServer with it. but I'm not able to find a good documentation or article at HOW TO INSTALL AOL SERVER ON WINDOWS I mean complete steps guide can any one help me? thanx in advance regards...deepti __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/
Re: [AOLSERVER] Error Handling
Wow, that is a *great* idea. Then you could register an exception handler for a url path. If it's possible, it would probably have to be something set inside the Tcl interp that is running the ADP or Tcl code, before it starts running the code. Unfortunately I don't yet know enough about Tcl internals to know how to go about doing this, but it is well worth looking into. /s. Is there any way in AOLServer to register an exception handler? What I would like to avoid is going over all the pages in my site and adding a catch statement so that if an exception is thrown, either through the tcl interpreter or or a postgresql query or action, I could catch it with a proc or page. Thanks, Vince
Re: [AOLSERVER] Form Posting
Funny you should mention that. I'm adding the ns_httpspost command to https.tcl this weekend. I'll also be adding the ns_httppost to http.tcl. /s. I am looking for some easy way (i.e. a tcl routine not a C routine or module) to post form data into a URL without passing it on the URL line itself... instead of redirecting to say http://www.foo.com/bar?msg1=hellomsg2=bye I would like to do something like this: add_form_value storagevariable msg1 hello add_form_value storagevariable msg2 bye post_form http://www.foo.com/bar; $storagevariable and have it redirect to the url and post the data the same as if a user had filled out a form and hit submit instead of the URL based method.. Does anyone know how to do this? Any help would be appreciated -- Patrick Spence, Network Administrator Information System Dept. 2401 South 24th Street, Phoenix, AZ 85034 [EMAIL PROTECTED] - http://www.vitamist.com
Re: [AOLSERVER] Me being lame
Ok Carl. DCI folks are probably really busy in any case, so I'll do it myself soon; I just want better version numbering before 4.x is released. /s. htmldiv style='background-color:' DIV PHey Scott, this is to inform you that I've been extemely lame and havent gotten in touch with the Digital City folks about incorporating the version numbers in .h files. Its been hectic week with my system that was looking to be deployed frying on me. Took couple days of trying to fix but ended up having to reset from scratch ... Also Digital City has laid some off since last week including one of my best friends that works there but I'm sure Jim amp; Kriston are intact. I will try and at least send email note requesting Kriston respond but may not get to talk to any for a little bit.nbsp; Had good time chatting last week and prob see you in a little bit. /P PBest Regards,/P PCarl /P/DIV/divbr clear=allhrGet your FREE download of MSN Explorer at a href='http://go.msn.com/bql/hmtag_itl_EN.asp'http://explorer.msn.com/abr /html
Re: [AOLSERVER] Can nsssle certificates be made to work with nsopenssl?
A standard certificate issued by verisign or another company should work fine with nsopenssl. The only thing you may have to do is decrypt the key. Normally the key.pem is passphrase protected/encrypted. nsopenssl doesn't try to figure out if it's passphrase protected so it won't ask or look for a passphrase to use to unlock it. This command will strip the passphrase from the key.pem file: openssl rsa -in key1.pem -out key2.pem key2.pem is not encrypted, so you MUST protect it with owner/group perms. The question might arise: why not make nsopenssl capable of reading passphrase-protected keys? The answer: I like to keep things simple. Having the key passphrase protected doesn't really buy you security when you then put the cleartext passphrase in your configuration file so it can be unlocked at server startup time. I had this problem with Apache: passphrase had to be manually typed in. If the server went down and came back up during non-work hours, I'd have to go in and type in the passphrase to get it running with the cert again. No thanks. /s.
Re: [AOLSERVER] strange nsopenssl behavior -- explained
On Thu, 4 Oct 2001 17:51:13 -0400, Robert Spassky Cabacungan
[EMAIL PROTECTED] wrote:
The problem is the NsOpenSSLSend() function in ssl.c, in nsopenssl-2.0.
BIO_write is returning a resource not available, try again error, but
NsOpenSSLSend is not checking for that, and so behaves as though it were
a non-recoverable error, aborting the write instead of trying again.
A simple loop over the SSL_write() fixes this. Ironically, there is
commented out code at the bottom of the function which would handle
retries. However, the comment reads this BIO_write loop doesn't work,
but seems like it should. So it looks like Scott did consider this
possibility, but it kind of slipped through the cracks in the final
release. Indeed, NsOpenSSLRecv() does loop and handle retries.
Anyway, I simply changed the SSL_write to operate in a loop, as follows:
do {
rc = SSL_write(ccPtr-ssl, buffer, towrite);
towrite -= rc;
} while ( BIO_should_retry(ccPtr-ssl-wbio)
BIO_should_write(ccPtr-ssl-wbio) );
Does anyone know whether it's better to use SSL_write or BIO_write in
this case?
Rob
Hi Rob,
It didn't slip through the cracks, I just couldn't get it to work at the
time so I commented it out to study it later. It looked like it should have
worked, but either I didn't understand what it was doing or had made a
mistake in usage (or both; boy, wouldn't that stink). Anyway, I wanted to
get a functional module out and this was something that could wait.
I don't think it matters whether we use SSL_write or BIO_write, but in
general I wanted to move all I/O to BIOs for better portability and cleaner
code. Another place where I tried to use BIOs versus SSL_* funcs was in the
server's RunHandshake -- on Solaris, BIOs looped 50-60 times before data
got through the handshake (it succeeded, but not gracefully). So I backed
off using BIO_* stuff in there.
I'll take another look at it and your code above and see if I can get
things working properly for the next release.
If you find out anything further, please let me know.
thanks,
/s.
Re: [AOLSERVER] Shared object libssl.so.200 not found...
It sounds like your shared lib path doesn't include the directory where this resides. In any case, nsopenssl should compile the OpenSSL library *into* nsopenssl itself, and not use the shared lib. Make sure you have the latest version of nsopenssl (either 1.1c or 2.0) and grab the source for OpenSSL, compile and install it somewhere point nsopenssl to that copy when you compile nsopenssl. /s. On Thu, 18 Oct 2001 07:43:47 -0700, Ian Harding [EMAIL PROTECTED] wrote: I have compiled nsopenssl but when I try to start the server with the sample script it complains about not being able to find the above file. It does exist in my /usr/pkg/bin directory (where it belongs under NetBSD). How can I tell nsd where to find it? What did I do wrong that it can't find it? Thanks!! Ian A. Harding Programmer/Analyst II Tacoma-Pierce County Health Department (253) 798-3549 mailto: [EMAIL PROTECTED]
Re: [AOLSERVER] nsopenssl destroying conn too soon?
Actually, looking at your log output, your conn is being cut immediately. Still need to know what version of nsopenssl you're running. Ian, what version of nsopenssl are you using? Can you time how long before your conn is cut? /s. On Fri, 9 Nov 2001 10:50:50 -0800, Ian Harding [EMAIL PROTECTED] wrote: I have nsopenssl working fine with one exception. If the page takes 'too long' to serve up, nsopenssl closes the connection too soon. I have read what I can find and can't fix it. Any ideas? log snippet... [08/Nov/2001:21:01:20][28846.43][-conn3-] Notice: dbdrv: opening database 'postgres:localhost:543... [08/Nov/2001:21:01:20][28846.43][-conn3-] Notice: nspostgres: opening 'planning' on 'localhost' [08/Nov/2001:21:01:20][28846.43][-conn3-] Notice: nspostgres: opened connection to 'localhost:543... [08/Nov/2001:21:01:20][28846.43][-conn3-] Notice: dbinit: sql (localhost:5432:planning): 'select *... [08/Nov/2001:21:01:20][28846.43][-conn3-] Debug: nsopenssl: SockClose [08/Nov/2001:21:01:20][28846.43][-conn3-] Debug: nsopenssl: destroying conn (0x83c6978) [08/Nov/2001:21:01:20][28846.43][-conn3-] Debug: nsopenssl: done destroying conn Ian A. Harding Programmer/Analyst II Tacoma-Pierce County Health Department (253) 798-3549 mailto: [EMAIL PROTECTED]
Re: [AOLSERVER] Again, Segfault with Aolserver, PHP, SquirrelMail
Hi Sean, have you run AOLserver under GDB yet to find out where it is segfaulting? Here's an example of how to do that. Put this into a file called gdbinit, substituting the things in parens with something appropriate and adjusting pathnames: === BEGIN : CUT == directory /usr/local/src/aolserver directory /usr/local/src/(other source dir) directory /usr/local/src/(other source dir) set args -f -u (user) -g (group) -t /usr/local/aolserver/nsd.tcl -s (servername) run == END : CUT then run: gdb -x gdbinit /usr/local/bin/aolserver/bin/nsd After the process segfaults, type bt at the GDB prompt (bt = backtrace). This should give you the function, source code line # etc. of where the fault is occurring. /s. Hello, No one seems to want to touch this, not on the Aolserver list, not on the PHP list, not on the SquirrelMail list. However, I'm going to try again. On a server running RedHat Linux 7.2, I've got Aolserver 3.4.2 compiled and working fine, and PHP 4.0.6 compiled as a module and working fine except when it segfaults. It occurs consistently when loading SquirrelMail's (1.2.0-rc2) src/right_main.php, though I think the problem is really in the called function sqi_mailbox_list from functions/imap_mailbox.php. Exactly what the server is trying to do when it crashes I haven't yet figured out. The PHP source distribution warns about trouble with multi-threaded servers, but the suggested workaround, removing a line of code, refers to a line that no longer appears to be in the code anyway. Has anyone had a similar problem? Can anyone help me solve this problem or debug it more accurately? I currently have Aolserver 3.0, SquirrelMail 1.0.6, and PHP 4.0.6 running with no problems on another server under RedHat 6.2 (I'm trying to migrate our webmail onto a new machine) so this is very frustrating. Thanks. Sean Redmond Brooklyn Museum of Art
Re: [AOLSERVER] Again, Segfault with Aolserver, PHP, SquirrelMail
I hate to say it, but drop back to 3.0 and test on RH 7.2. If it breaks, then there's something different in the combo between AOLserver and RedHat 7.2. If it works, then upgrade to AOLserver 3.1 and test, then 3.2 and test etc. until you get to 3.4.2, also on RedHat 7.2. Let's find out which upgrade breaks it. When it breaks, get a backtrace with GDB, then look at the sources where it breaks and see what's changed between the code that broke and the version before it. Frankly, I'm surprised that a bad path would cause a segfault, which leads me to believe that some var or pointer isn't being initialized before use. /s. Scott, I've been using this Aolserver 3.0 + PHP 4.0.6 for over a year with no problem -- this is new (mis)behavior. In what I'm trying to setup now, the PHP version is the same, but I'm trying to use new versions of Aolserver (3.4.2) and RedHat (7.2, old server has 6.2). I cannot think of any way that Aolserver is causing this problem for PHP, though. At 06:59 PM 11/26/2001 -0600, you wrote: Hi Sean, Is this something you can fix on your own? It's possible that the PHP module for AOLserver is doing this (i.e. it's building a path without checking for relative paths); I'm not sure as I've never used the module or PHP. /s. Sean Redmond Brooklyn Museum of Art
Re: [AOLSERVER] Again, Segfault with Aolserver, PHP, SquirrelMail
Ok, then it sounds like an interaction problem between AOLserver and RedHat 7.2 (or more likely the PHP module and 7.2). Can you post the backtrace? /s. At 11:24 AM 11/27/2001 -0500, Scott Goodwin wrote: I hate to say it, but drop back to 3.0 and test on RH 7.2. If it breaks, then there's something different in the combo between AOLserver and RedHat 7.2. Actually, I tried that and ran into the same problem. Sean Redmond Brooklyn Museum of Art
Re: [AOLSERVER] single AOLserver instance serving up 2 certificates based on hostname
Hi Nuno, go about it? My current idea was to have AOLserver listen on two distinct IPs (one for each domainname) and have two nsssl sections configured, one for each IP, but I'm not sure if this will work. This is the only way I know of that it will work. Since the SSL conn must be set up before *any* data crosses the gap, the server/SSL module cannot know beforehand which site the user wants to see, so it has no way to choose the correct SSL certificate to use based on the URL. So you cannot have two sites served by the same IP/port combination. Set up your NIC adaptor with two separate IPs. Then one nsopenssl module can listen on 192.168.10.10:443 and the other on 192.168.10.11:443. This is how we did it here with Linux 2.2.x (IPAlias must be installed in the kernel): ifconfig eth0:0 192.168.10.10 route add -host 192.168.10.10 dev eth0:0 Note the ':0' after 'eth0' in both cases; this tells Linux that it's a second IP address. You could put a third on with 'eth0:1'. We didn't run this way for long, it was a test, so you may run into routing or other network-related issues. Surely, it can't be this simple, right? One AOLserver process can run two nsopenssl modules at the same time, you just have to make the second one have a different name, as you said, both in the nsd.tcl file and in the /bin dir. I have our second one called nsopenssl2 in nsd.tcl and I've created a hardlink from /bin/nsopenssl to /bin/nsopenssl2. Hope that helps, /s.
Re: [AOLSERVER] nsopenssl on NetBSD
I don't think it's an OS problem, I think it was an SSL looping problem. It's fixed in my latest alpha, but I'm going to be extremely busy between now and the 21st on a project here at work, so I won't be doing an official release until after that. The alpha copy is attached; it's essentially production-ready (I'm sending a copy directly to you as the listserv will strip the attachment -- if anyone else wants this copy, let me know). Test with this and tell me if it fixes the problem you're experiencing. /s. Is anyone else using nsopenssl on NetBSD? I have a wierd problem that I think is OS specific. The client receives the first 16K of data, and nothing more. Usually. Sometimes repeatedly hitting Reload will result in the whole page coming over. It happens with nsopenssl 1.0 and 2.0 It happens with database served pages (nspostgres) and static text files It happens on the LAN and across the internet. It happens on the local machine. It happens with aolserver 3.4 and 3.4.2 It happens with Internet Exploiter 5.5 and Netscape (unknown version, it's at home) It happens on Windows clients and NetBSD clients and Linux clients. NetBSD is 1.5.2 on i386. I thought nsopenssl was closing the connection too soon but it appears not to be. I did some squirrely things when compiling openssl to get it to work, for example compiling it with -threads -D_REENTRANT. NetBSD does not support threads natively and I didn't tell openssl anything else about threads, so I don't know what this did, but it did let me get nsopenssl up and seeming to work. nsopenssl was compiled like aolserver, with PTL (Portable Thread Library) . Thanks in advance for any ideas... Ian A. Harding Programmer/Analyst II Tacoma-Pierce County Health Department (253) 798-3549 mailto: [EMAIL PROTECTED]
Re: [AOLSERVER] simple db start-up problem
I think the ns_db command will work if the database cannot be connected to. At start time, nspostgres is loaded and reads it's section from the nsd.tcl file. If there is an error in that section (typo, not configured properly etc.) then nspostgres fails to load and ns_db is disabled. Paul has an error in his nsd.tcl file. nspostgres does not to my knowledge try to connect to the database until the first sql statement you issue, so it'll start up properly even if your database isn't around. /s. On Wednesday, December 12, 2001, at 01:16 PM, Scott Goodwin wrote: Take a close look at your server log where the db stuff is initialized and nspostgres is loaded. ns_db is disabled if nspostgres can't connect to the database. You should have some info there. You may need to turn on debug. I haven't yet had the opportunity to work with the nspostgres driver. Is it true that it will leave ns_db disabled if it can't connect to the DB at startup? I'd like to suggest that behavior is a little drastic; I'd think that faulty database connectivity might be recoverable (maybe the DB server is temporarily down), and disabling ns_db prevents the AOLserver from recovering without being restarted. Personally, I'd prefer to do catches around my ns_db open calls, and give reasonable failure messages until the connection succeeds. Then when the DB server comes back up, stuff should just start working again. I know the Sybase driver works this way -- as long as the libraries get loaded, the module is OK, and ns_db should be available; if the DB is down, that's a separate issue.
Re: [AOLSERVER] Any demand for AOLserver 3.4.2 for Win32?
It was a technical one. Making it win32-capable added a lot of code noise and Jim D. asked the group at one of the chat sessions if there was any reason not to drop win32 support, at least for 4.x. He wanted to focus on cleaning up and improving the codebase and not spend a even more time on win32 portability issues, especially with regards to threading. /s. Was the decision to drop Win32 support on AOLServer 4.0 a political one or a technical one? Was the decision to drop Win32 support on AOLServer 4.0 a political one or a technical one? It seems as though there are some demand for Win32 support and as AOLServer gains momentum, why limit its reach by not supporting Win32 systems? (not trying to rant) -Original Message- From: AOLserver Discussion [mailto:[EMAIL PROTECTED]]On Behalf Of Dossy Sent: Tuesday, December 18, 2001 7:17 AM To: [EMAIL PROTECTED] Subject: Re: [AOLSERVER] Any demand for AOLserver 3.4.2 for Win32? On 2001.12.18, Kriston Rehberg [EMAIL PROTECTED] wrote: I'll try to get one going, I'm finishing up a class on C++ that uses MS VC++ and I might be able to apply that knowledge to the Win32 build especially when it comes to getting those %*#Q$! extra modules like nscgi and nsssl built. Heh. nscgi builds under Win32, it just doesn't actually execute CGI's. At least, on my Win98 SE setup here, trying to execute a simple .bat CGI hung the box hard and required a reset-switch warm boot. Thread problems, I'm guessing. (Probably needs to use CreateProcess() or ShellExecuteEx() under Win32 ...) For AOLserver 4.x, can anyone please try out building it with the current Cygwin? Did that already. No joy. Perhaps Larry's comment may solve the problem though: On 2001.12.18, Larry W. Virden [EMAIL PROTECTED] wrote: Note that I believe that Tcl itself doesn't compile using the Cygwin compiler - you need the Mingw32 compiler with the flag saying that you want it to run under Cygwin I think - details are over in comp.lang.tcl I guess I'll have to install Mingw32 and try it out. However, I still ask: won't the performance loss of running under Cygwin make running AOLserver under Cygwin unattractive? -- Dossy -- Dossy Shiobara mail: [EMAIL PROTECTED] Panoptic Computer Network web: http://www.panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [AOLSERVER] GCC compilation of AOLserver 4.x fails due to -rpath
Problem solved. It didn't quite work with what you sent, but it led me to this, which did work: RFLAG = -Xlinker -rpath RPATH = $(RFLAG) $(AOLSERVER)/lib Note that -Wl is *supposed* to pass the comma-separated list to the linker, removing the commas in the process. This doesn't appear to work as advertised: RPATH = -Wl,$(RFLAG),$(AOLSERVER)/lib Now I'm pondering whether to commit the changes to sourceforge; I'm not comfortable that this solution fixes my problem *AND* doesn't break the compile on other systems and platforms. thanks, Pete, /s. Try changing the definitions to this: RFLAG = -Xlinker -rpath RPATH = -Xlinker -Wl,$(RFLAG),$(AOLSERVER)/lib -Xlinker is a gcc switch to pass arguments to the linker. The man page says that if the linker argument takes a parameter, then you must use -Xlinker twice -- once for the argument and once for the parameter. It specifically says that quoting the argument and parameter won't work. I think AOLserver used to invoke ld directly, in which case the -rpath would have worked, but on some platforms or versions of gcc, particularly with shared libraries, you just don't get the same output from ld as you do from gcc, no matter what arguments you throw at it. It's probably fixable, but it's just so much easier to use gcc for everything. Pete.
Re: [AOLSERVER] GCC compilation of AOLserver 4.x fails due to -rpath
You're right -- RPATH isn't used anywhere. RFLAG is used eventually in include/Makefile.library, which becomes included in nsd/Makefile: $(LDSO) -o $(LIB) $(OBJS) $(LIBS) $(RFLAG) $(AOLSERVER)/lib This should be changed to: $(LDSO) -o $(LIB) $(OBJS) $(LIBS) $(RPATH) Note that I removed the $(AOLSERVER)/lib as it's part of RPATH. If RPATH is defined as , then having $(AOLSERVER)/lib at the end of the LDSO line will cause an error. Strangely, the Solaris build has this: RFLAG = -R RPATH += -Wl,$(RFLAG),/usr/lib/lwp Which makes RPATH for Solaris end up looking like: RPATH = -Wl,-rpath,$(AOLSERVER)/lib -Wl,-R,/usr/lib/lwp I'm not sure whether this was the intention. Another side-effect as that $(AOLSERVER)/lib must exist as a directory before the compile will work, but $(AOLSERVER)/lib isn't created until after you run make install. I'll commit the above mentioned changes to CVS later today. thanks, /s. Scott, Notice what you included in your original post: gcc -shared -nostartfiles -o libnspd.so listen.o log.omain.o ../nsext/nsextmsg.o -L../tcl8.3.4/unix -ltcl8.3g -lm -ldl -lpthread -rpath ../../install/aolserver/lib Note that it's just got -rpath and not -Wl,-rpath,$(AOLSERVER)/lib there. Which means, the build rule is using $(RFLAG) instead of $(RPATH). Leave RFLAG and RPATH as they are, and fix the build rule by replacing $(RFLAG) with $(RPATH) where appropriate. I haven't checked out of CVS lately, so I can't tell you specifically where appropriate is ... but if you can't find it, I'll do a cvs update and look myself. -- Dossy On 2001.12.19, Scott Goodwin [EMAIL PROTECTED] wrote: Problem solved. It didn't quite work with what you sent, but it led me to this, which did work: RFLAG = -Xlinker -rpath RPATH = $(RFLAG) $(AOLSERVER)/lib Note that -Wl is *supposed* to pass the comma-separated list to the linker, removing the commas in the process. This doesn't appear to work as advertised: RPATH = -Wl,$(RFLAG),$(AOLSERVER)/lib Now I'm pondering whether to commit the changes to sourceforge; I'm not comfortable that this solution fixes my problem *AND* doesn't break the compile on other systems and platforms. thanks, Pete, /s. Try changing the definitions to this: RFLAG = -Xlinker -rpath RPATH = -Xlinker -Wl,$(RFLAG),$(AOLSERVER)/lib -Xlinker is a gcc switch to pass arguments to the linker. The man page says that if the linker argument takes a parameter, then you must use -Xlinker twice -- once for the argument and once for the parameter. It specifically says that quoting the argument and parameter won't work. I think AOLserver used to invoke ld directly, in which case the -rpath would have worked, but on some platforms or versions of gcc, particularly with shared libraries, you just don't get the same output from ld as you do from gcc, no matter what arguments you throw at it. It's probably fixable, but it's just so much easier to use gcc for everything. Pete. -- Dossy Shiobara mail: [EMAIL PROTECTED] Panoptic Computer Network web: http://www.panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [AOLSERVER] Exposing API's to other modules?
For C modules, simply create the C functions you want exposed from your module as externs and call them Ns_SomeName. Just make sure you don't conflict with a C function name that already exists in the core or in other modules. You do this by prepending something that you think is going to be unique. For the nsopenssl module, I've named all externally visible functions as Ns_OpenSSL*, where '*' is whatever you choose. For the calling C module, I think you'll probably want to have func prototypes declared in your module for the C funcs in the other module that you're calling, otherwise your module's compilation will complain. If your module is using C functions from the core AOLserver C API, your module will already see the func prototypes via the include/ns.h file. As long as all C modules are loaded before any of them call the C functions of other modules (which is what should happen; just don't put any of these calls in your Ns_ModuleInit function) you should be ok. For Tcl, if your procs are loaded at server start time then they are visible to all Tcl interps created to handle conns, scheduled things etc. /s. Hello, How can a module X expose API's to other modules? I can think of the following possiblities: A) Add Tcl commands, so the other modules could execute the commands B) Register for URL(s), maybe one URL with parameters for which function and the function parameters encoded in the URL, or multiple URL's, one for each function being exposed C) User modules would load module X (e.g. in Win32 calling LoadLibrary) and calling the exposed functions Is there any other way? I suppose the cleanest of them all is choice A. Is there an equivalent method but for C API's (in other words, can a module add C functions to be available to other modules to call directly, e.g. through some Ns_Call (funcname, ...) call)? Thanks, Ramin.
Re: [AOLSERVER] Exposing API's to other modules?
Well, the cat's out of the bag already. Let's set a standard for exposed functions that sit within modules. Currently, in nsopenssl's case: NsOpenSSL* functions are externed but are not to be called from outside the module. Ns_OpenSSL* functions are external APIs that can be called from anywhere. All others (MakeSSLContext and such) are private to the .c file they're defined in. We can change the externals to: NsmOpenSSL* and Nsm_OpenSSL* where Nsm = Naviserver Module, and OpenSSL would be substituted for whatever the module's name is. This won't prevent name collisions between modules, but it will prevent them between a module and the core. Is this a big deal? Changing function names just to be consistent may be viewed as a waste of time. I don't happen to think so. It helps when I go read another module's sources if they follow a style consistent with the core stuff. I'm probably outnumbered in this view. /s. In a message dated 12/28/01 12:02:35 AM, [EMAIL PROTECTED] writes: For C modules, simply create the C functions you want exposed from your module as externs and call them Ns_SomeName. Just make sure you don't conflict with a C function name that already exists in the core or in other modules. You do this by prepending something that you think is going to be unique. For the nsopenssl module, I've named all externally visible functions as Ns_OpenSSL*, where '*' is whatever you choose. Hello, Actually, I would suggest not using the Ns_ prefix for your modules except for the required Ns_ModuleInit and Ns_ModuleVersion. The assumption was that Ns_ external functions are public from the AOLserver core like Tcl_ is public from Tcl core. As long as other folks don't use Ns_ as a prefix, we only have to watch for conflicts with the AOLserver core functions. I think there's been some cheating in the past, e.g., some of the database drivers used the Ns_ the prefix when they weren't in the core. Also, nsopenssl is so popular and has the unique Ns_OpenSSL prefix it's really not a problem. What we do here at AOL is follow the same code style but use a different prefix, e.g., Dci_ or Aol_ for our custom modules. -Jim
Re: [AOLSERVER] Sharing a socket between C and TCL
If you're creating the socket in your C module using Tcl channels, I think you just need to get the socket id back and use the standard puts, gets and so on. If you aren't using Tcl channels, you'll need to create your own Tcl commands and use them to read/write bytes. See nsopenssl for an example of using Tcl channels. I had to create my own new channels. You should only have to use the standard Tcl channel already defined for sockets. /s. Hello. I've written a small C based daemon listening on 999 port. It doesn't do much, but I want to move some of the functions from C to TCL. I'm using Ns_SockListenCallback() and have SOCKET to work with. How do I allow Tcl to use this socket? -- WK
[AOLSERVER] Fw: Re: [ANNOUNCE] Financial support for replication programmer needed
This was a posting from the PostgreSQL crew. I'm posting it here for two reasons: 1. Maybe someone in our discussion group might be able to help who hasn't seen the original message. 2. I think the method I gave in my response below might be a good way to get work done on AOLserver module features (and possibly even some core stuff too) that we want. I don't know the logistics of doing something like this, but maybe I can spark others to think about it. Ideas are cheap. Action can be expensive. Flame me privately, please. /s. - Forwarded message follows - Is there any way we can take up a collection? I'd gladly donate a $100 to him for this work, but I'm not a company and don't have the big bucks. This is a wouldn't it be neat if we put up a wish list of features we wanted on the Postgres site and allowed people commit donations to it? No money would change hands until someone signed on and did the work. Sort of like how the public schools do a sponsor this child for 50 cents/lap kind of thing. But it would be interesting to see how much money had been committed to each feature or project so coders who are interested could decide what they'd work on next based on that. It would also lower the risk -- if it isn't done, the people committing the money don't have to pay. If it is done, it's a win-win situation. Just my thoughts. /s. Scott S. Goodwin http://scottg.net One of the main replication people would benefit from some financial support in his work in getting replication into 7.3. He is currently working as a consultant and would be able to devote much more time to replication if he had some financial backing. If you or your company is able to provide such support, please let me know and I will forward his name to you. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026 ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [AOLSERVER] symlinks in cgi-bin
Andre,
Go read the docs I have at
http://scottg.net/webtools/aolserver/modules/nscgi; maybe you'll find the
answer there. If not, I'll add them when you've found a solution.
thanks,
/s.
Hi!
I'm using Debian 2.2 potato, Aolserver 3.4.2, and would like to use
the cgi-feature with the mailman-Debian package. It installs into my
cgi-dir using symlinks.
root@mir:~# ls -l /usr/lib/mailman
total 28
drwxr-xr-x6 root root 4096 Feb 26 11:32 Mailman/
root@mir:~# ls -l /usr/lib/mailman/cgi-bin/
total 80
-rwxr-sr-x1 root list 5332 Dez 13 11:18 admin*
-rwxr-sr-x1 root list 5336 Dez 13 11:18 admindb*
-rwxr-sr-x1 root list 5336 Dez 13 11:18 archives*
-rwxr-sr-x1 root list 5336 Dez 13 11:18 edithtml*
-rwxr-sr-x1 root list 5344 Dez 13 11:18 handle_opts*
-rwxr-sr-x1 root list 5336 Dez 13 11:18 listinfo*
-rwxr-sr-x1 root list 5336 Dez 13 11:18 options*
-rwxr-sr-x1 root list 5336 Dez 13 11:18 private*
-rwxr-sr-x1 root list 5332 Dez 13 11:18 roster*
-rwxr-sr-x1 root list 5340 Dez 13 11:18 subscribe*
root@mir:~# ls -l /usr/lib/cgi-bin/ | grep mailman
lrwxrwxrwx1 root root 18 Feb 26 11:30 mailman -
../mailman/cgi-bin/
My aolserver-configuration is
ns_section ns/server/${server}/module/nscgi
ns_param debug false ;# Be chatty in log
ns_param gethostbyaddr false ;# Whether to do reverse DNS
lookups
ns_param limit 0 ;# Max number of concurrent CGI
processes
ns_param maxoutput 10240 ;# Max bytes allowed from
external process
ns_param buffersize 8192 ;# Buffer output from external
process
ns_param MapGET /*.pl
ns_param MapGET /*.py
ns_param MapGET /cgi /usr/lib/cgi-bin/
ns_param MapGET /cgi-bin /usr/lib/cgi-bin/
ns_param MapPOST /*.pl
ns_param MapPOST /*.py
ns_param Interps CGIinterps
ns_section ns/interps/CGIinterps
ns_param .pl /usr/bin/perl
ns_param .sh /bin/sh
ns_param .py /usr/bin/python
# CGI environment variable handling -- See admin guide
ns_param systemenvironment false ;# Copies environment from nsd start
shell
I've tried several configurations, too many to list here, like
ns_param MapPOST /*
and I can't get it to work. Mailman uses python, and the executables
listed are compiled binaries, if that can give you a hint.
-Andre
[AOLSERVER] Why can you only grab handles from one pool at a time?
Can someone briefly explain to me why, once you have allocated handles from a database pool, you cannot allocate more from the same pool until you release all the ones you already have from that pool? Is it a race condition, a performance trade-off or something else? thanks, /s.
Re: [AOLSERVER] nssha1 and SSHA
I should be more specific -- SHA1 is a hashing algorithm What exactly are you trying to do with it? /s Sean, do you mean you need to do SHA1 encryption over the net? AFAIK, the nssha module encrypts data but not for SSL Is it the SSL capability you're looking for? /s There is a module to do SHA1 encryption (nssha1) from Ars Digita, but I need a way to do SSHA encryption Any implementations/ideas? Thanks, Sean Redmond Sean Redmond Brooklyn Museum of Art
Re: [AOLSERVER] Xpath in ns_xml
I've updated the nsxml module in AOLserver's SF CVS area with Jeremy Collin's patch; this brings it up-to-date with Yon Derek's nsxml module and adds XPath support. I've now removed the acs-misc version of nsxml. It compiles, and the server can load the module, but I haven't done any real testing. I'd like comments as to whether the XSLT portion that was added by Yon Derek should be pulled out and put into a new, separate nsxslt module, or if it should stay inside of nsxml. /s. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
[AOLSERVER] AOLserver weekly chat tomorrow
The AOLserver weekly chat takes place tomorrow, Thursday 25 July, at 20:00 UTC, which translates to: 4 PM US/Eastern 3 PM US/Central 2 PM US/Mountain 1 PM US/Pacific Common topics include AOLserver, Tcl, SQL, ACS, and general web-related questions. The place: AIM chatroom AOLserver on exchange 4 The URL for the chat room: aim:GoChat?RoomName=AOLserver You do NOT need to be an AOL subscriber to access the chat room. If you need more help getting on AIM or getting into the chat room, please see http://dqd.com/~mayoff/aolserver/weekly-chat.html. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] Seeking ns_cache configuration advice
I've passed Rob's nscache module to Kris and asked him to import it into the AOLserver CVS tree at SourceForge. /s. On Wed, 31 Jul 2002 11:21:58 -0500, Rob Mayoff [EMAIL PROTECTED] said: +-- On Jul 31, Dave Siktberg said: Using google I did find this location serving the documentation page, which will whet your appetite until you get the code: http://java.cms.livjm.ac.uk/local/as23docs/html/tapi-c22.htm Unfortunately, that's not the documentation for my module. AOLserver 2.3 had an ns_cache Tcl command, but it was removed in AOLserver 3. I don't know why it was removed. I did not know about 2.3's ns_cache command when I wrote the nscache module, so the ns_cache command in the nscache module does not have the same syntax as the ns_cache command in 2.3. I have put the last version of nscache on my web page: http://dqd.com/~mayoff/aolserver/#nscache The documentation is here: http://dqd.com/~mayoff/aolserver/src/nscache/index.html This is version 1.1, though it isn't marked as such. I encourage any interested party to put the code in sourceforge or some other repository. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] OT: gearing for speed.... (caching connections)
nsopenssl would give you the ability to talk between your servers directly. SSL session caching allows a client and server to set up the initial connection, and then share a long random id. The server uses the id as a key and caches the SSL conn info, such as the keys, ciphers and so on used for the connection. When the client connects again and passes this id. If session caching is turned on in nsopenssl, then the client and server don't have to go throught the whole SSL setup procedure again. The session caching capability is managed by the OpenSSL library internally. BTW, if you're using nsopenssl ALWAYS TURN ON SESSION CACHING. MSIE doesn't work properly without it. /s. I have an application where two AOLserver instances on two different nodes are going to have lots and lots of communication between themselves -- I would prefer to keep the connections transient, but want to know what the alternatives are. It's interesting to know that nsopenssl/nsssl may already be doing some of this. Can you tell me more about how this connection caching is done in AOLserver? Is it handled entirely within nsopenssl/nsssl? Is it actually keeping the TCP/IP connection open, or just caching some of the SSL/crypto data? If the latter, how does it determine a new request is actually part of an old SSL session? Thanks, Jerry -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] Documentation Available Online
I *LIKE* it. Give fast access to the commands; better then waiting for the web page. Too bad I'm switching (to an iMac). I'll still use it at work, however. /s. On Wed, 25 Sep 2002 18:56:26 +0100, Jamie Rasmussen [EMAIL PROTECTED] said: If you use a Windows desktop or server, I've converted the 3.5 docs to HTML with groff and then into Windows HTMLHelp format. Sample available at http://empoweringminds.mle.ie/temp/aolserver.chm Jamie At 12:35 AM 9/25/2002 -0400, you wrote: All, please be sure to take a look at the README included with AOLserver 3.5. It should hopefully answer a number of questions I've seen asked recently. - Nathan 2. Documentation Documentation is available in the doc subdirectory of this release. It contains of Unix-style reference manual entries for AOLserver. Files with extension .1 are for programs (for example, nsd.1); files with extension .3 are for C library procedures; and files with extension .n describe Tcl commands. The file doc/nsd.1 gives a quick summary of the AOLserver configuration. To view any of the man pages on Unix, cd to the doc directory and invoke your favorite variant of troff using the normal -man macros, for example: groff -Tascii -man nsd.1 | more Conversion to HTML may be possible with: groff -Thtml -man nsd.1 nsd.html If AOLserver has been installed correctly and your man program supports it, you should be able to access the AOLserver manual entries using the normal man mechanisms, such as man -M /usr/local/aolserver/man nsd On Tuesday, September 24, 2002, at 08:05 PM, Patrick Spence wrote: I certainly hope someone can do this because MAN pages are NOT a viable solution for some of us. I don't want to have to SSH into my server just to read the docs.. a web interface is MUCH easier to work with...especially since I do all my work remote.. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] ANNOUNCE: ns_encrypt module for AOLserver
Mind if I import this into AOLserver SF? /s. On Fri, 27 Sep 2002 16:28:30 -0700, Daniel P. Stasinski [EMAIL PROTECTED] said: I have released my ns_encrypt module for AOLserver. It provides two new commands: ns_encrypt and ns_decrypt The module provides for strong public/private key cryptography on tcl strings. ns_encrypt takes a tcl string and encrypts it with a one time session key using any one of the AES, Blowfish, Cast5, IDEA or Triple DES ciphers. The session key is then encrypted with an RSA public or private key. Encrypted data is returned as BASE64 encoded text. The module can be downloaded from the projects page at: http://www.scriptkitties.com/ Your input is both welcome and desired. Daniel P. Stasinski -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
[AOLSERVER] nsencrypt module in CVS and downloadable
I've imported Daniel's nsencrypt module to AOLserver's SF area, tagged it as v0.1 and made it available via the Files link (http://sourceforge.net/project/showfiles.php?group_id=3152). I also cleaned up the nsopenssl module downloads in the Files area (added comments and so on -- see http://sourceforge.net/project/shownotes.php?release_id=78644 for an example of the changes). /s. On Fri, 27 Sep 2002 16:28:30 -0700, Daniel P. Stasinski [EMAIL PROTECTED] said: I have released my ns_encrypt module for AOLserver. It provides two new commands: ns_encrypt and ns_decrypt The module provides for strong public/private key cryptography on tcl strings. ns_encrypt takes a tcl string and encrypts it with a one time session key using any one of the AES, Blowfish, Cast5, IDEA or Triple DES ciphers. The session key is then encrypted with an RSA public or private key. Encrypted data is returned as BASE64 encoded text. The module can be downloaded from the projects page at: http://www.scriptkitties.com/ Your input is both welcome and desired. Daniel P. Stasinski -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
[AOLSERVER] [ANNOUNCE] nsxml 1.5 released
nsxml version 1.5 has been released. Go to the AOLserver SourceForge Files area to download it. There is more work to do, mostly cleanup, full testing, and documentation. Thanks to all the people listed in the nsxml.c file for making this module possible. All I've done is integrate patches and smoke test it. Send me any errata, comments or suggestions. /s. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] AOLserver Postgres Driver (2.3.0)
Yes, I had imported an older version of postgres.so from the OpenACS, but haven't had time to work on it. I'm probably going to start from scratch with a fresh copy from OpenACS and import it. I want to centralize the AOLserver modules to one location, but not sure the OpenACS folks would be satisfied maintaining it at SourceForge, since they already have their own software development manager. /s. On Sat, 28 Sep 2002 18:38:38 -0700, Daniel P. Stasinski [EMAIL PROTECTED] said: This should also go on the site (AOLserver Postgres Driver v2.3.0). Ours is still old and crashes the server. http://openacs.org/sdm/download-package-release.tcl?package_id=2release_id= 60 or in case that didnt format correctly, try this: http://oneweek.org/qk Daniel -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] AOLserver Postgres Driver (2.3.0)
What I had actually done was refactor the parts out into separate files. Not sure it was the best cut, and the two are certainly badly out of sync because of me. Other than cosmetic changes though, I haven't really changed the way it operates. So starting with a fresh copy of the OpenACS dist would probably be much easier. The biggest problem is: will the OpenACS crew let me take the OpenACS postgres module, refactor it and then use that refactored copy, maintaining it at SourceForge? I realize OpenACS has a terrific SDM, but I think the AOLserver C modules should be maintained and distributed from a central location, and that would be SourceForge. If the OpenACS folks continue with their version of postgres.so, that's fine, but I hate to see two separate modules whose only real differences may be cosmetic. /s. On Sat, 28 Sep 2002 22:08:15 -0400, Lamar Owen [EMAIL PROTECTED] said: On Saturday 28 September 2002 09:38 pm, Daniel P. Stasinski wrote: This should also go on the site (AOLserver Postgres Driver v2.3.0). Ours is still old and crashes the server. Scott has, I believe, refactored the AOLserver Postgres Driver somewhat. My recommendation is to sync the two, and fix the bug that had the patch issued earlier. Scott, if you would like I can take a look at that this week. AFAIK I still have commit privileges on AS CVS on SF. -- Lamar Owen WGCR Internet Radio 1 Peter 4:11 -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] The Next Module -- nscache
Super. I'll import Rob's original module, then update it with your changes and generate a release file. I'll also add you to the SourceForge commit list. thanks, /s. On Sat, 28 Sep 2002 23:53:53 -0400, Vlad Seryakov [EMAIL PROTECTED] said: I talked with Rob and he told me that i can take control for nscache module, i made some modification and submitted them to Rob, but he is not maintaining this module anymore. I just added ns_cache incr function similar to nsv_incr. The module is available at ftp://ftp.crystalballinc.com/pub/vlad On Sun, Sep 29, 2002 at 12:09:08AM +, Scott Goodwin wrote: I'm going to import Rob's nscache module into SourceForge tonight or tomorrow. Anyone out there who knows of any changes/improvements that have been made to the module that Rob has on his website, or any other information, test code and so on, please send them to me. His module is still located at http://dqd.com/~mayoff/aolserver/#nscache thanks, /s. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] Two modules for AOLServer available
On Sat, 28 Sep 2002 23:58:36 -0400, Vlad Seryakov [EMAIL PROTECTED] said: At the time i was developing that module i wanted to put all mail related functionality there but it ended up with IMAP client support only. Scott suggested to rename it into imap something, so it will probably will be renamed to reflect IMAP only support. It'll mean changing the Tcl interface commands to ns_imap or something similar. I hope that won't be too much of a burden on you Vlad -- it would mean changing your production Tcl code. We could have the module use both ns_mail and ns_imap commands the same way for a while. scalable. It still lacks full MIB support, but i could not find multithreaded MIB library. Most SNMP libraries appear to be commercial products. Surely there's on open source one somewhere that's multithreaded. /s. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] Two modules for AOLServer available
We now have three modules (that I know of) which use OpenSSL. I think it's time to break OpenSSL into its own openssl.so module, and have it loaded prior to loading nsencrypt.so, nsopenssl.so and nsimap.so. I'll work on that this week. Vlad, your nscache is labeled as version 1.4. Rob's doesn't appear to be labeled at all. So I'm going to make Rob's import and file release as 1.3, add your changes and make that a separate 1.4 release. If this isn't correct, let me know -- like, really soon, as I'm working on it right now :) /s. On Sun, 29 Sep 2002 00:42:08 -0400, Vlad Seryakov [EMAIL PROTECTED] said: I just renamed ns_mail into ns_imap and put the module on ftp://ftp.crystalballinc.com/pub/vlad/nsimap.tar.ga I tested it and made some changes in Makefile to simplify compilation without SSL support. On Sun, Sep 29, 2002 at 04:33:00AM +, Scott Goodwin wrote: On Sat, 28 Sep 2002 23:58:36 -0400, Vlad Seryakov [EMAIL PROTECTED] said: At the time i was developing that module i wanted to put all mail related functionality there but it ended up with IMAP client support only. Scott suggested to rename it into imap something, so it will probably will be renamed to reflect IMAP only support. It'll mean changing the Tcl interface commands to ns_imap or something similar. I hope that won't be too much of a burden on you Vlad -- it would mean changing your production Tcl code. We could have the module use both ns_mail and ns_imap commands the same way for a while. scalable. It still lacks full MIB support, but i could not find multithreaded MIB library. Most SNMP libraries appear to be commercial products. Surely there's on open source one somewhere that's multithreaded. /s. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] Two modules for AOLServer available
I have zero experience with shared libs, other than understanding what they're for. Seems like you already have it working this way, so I'll try it out. If you could, please send me any changes you made to the Makefile to do this. Putting openssl.so into AOLserver's /bin directory might eliminate the requirement to update LD_LIBRARY_PATH. We don't use any code that's installed with the OS. All of our production binaries are compiled from scratched into a specific area so we know exactly what's being used, and so an OS upgrade from, say, RH 7.2 to 7.3 doesn't break something for us. /s. On Sun, 29 Sep 2002 08:39:57 -0400, Peter M. Jansson [EMAIL PROTECTED] said: On Sun, 29 Sep 2002, Scott Goodwin wrote: it's time to break OpenSSL into its own openssl.so module, and have it If you build OpenSSL as a shared lib, and the build procedures for the AOLserver modules are friendly to that practice, do we really need an OpenSSL module? What would it do? Last time I built nsopenssl.so, I did it that way, and I've had no problems other than that you may have to adjust the LD_LIBRARY_PATH to include the place the OpenSSL shared libraries. Pete. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
[AOLSERVER] Discussion at OpenACS...
Go to http://openacs.org/bboard/q-and-a-fetch-msg.tcl?msg_id=0006Qqtopic_id=11 for discussion on nspostgres, nsora, windows AOLserver and aD AOLserver issues with respect to SF hosting. /s. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] need an openssl.so?
Pete, thanks for the info. No functionality would be associated with an openssl.so module, and what you've said below solves the issues I had. /s. On Sun, 29 Sep 2002 12:46:01 -0400, Peter M. Jansson [EMAIL PROTECTED] said: Really, what I'm asking is whether there's any functionality you would associate with an openssl.so module, or if it's just to make sure the library is loaded. If there's no functionality, then the normal shared library facility should be fine. I've used this technique on IRIX, Mac OS X, several versions of Solaris, and a couple of versions of RedHat Linux. Of those, the only one that came with OpenSSL as a part of the OS distribution was Mac OS X. I didn't need any changes to the nsopenssl Makefiles, nor the AOLserver Makefiles. When you build OpenSSL, configure it with shared or threads and it will build shared libraries. It seems to me that we should be configuring OpenSSL with threads anyway, so this shouldn't be a change. Putting the OpenSSL shared libs (libcrypto.so and libssl.so) in the AOLserver bin directory is not enough. The libraries do need to be somewhere the system will search for shared libraries, so you either need to include the directory in which the libraries reside in the LD_LIBRARY_PATH, or provide the directory as a load search hint by adding a -R argument to LDFLAGS (assuming your compiler supports -R). For example, -R /usr/local/ssl/lib might be what you need. I haven't used nsencrypt nor nsimap, so I don't know if the build procedures for them require changes. When you say you don't use any code that's installed with the OS, do you include C runtime libraries with that? On Sun, 29 Sep 2002, Scott Goodwin wrote: I have zero experience with shared libs, other than understanding what they're for. Seems like you already have it working this way, so I'll try it out. If you could, please send me any changes you made to the Makefile to do this. Putting openssl.so into AOLserver's /bin directory might eliminate the requirement to update LD_LIBRARY_PATH. We don't use any code that's installed with the OS. All of our production binaries are compiled from scratched into a specific area so we know exactly what's being used, and so an OS upgrade from, say, RH 7.2 to 7.3 doesn't break something for us. /s. On Sun, 29 Sep 2002 08:39:57 -0400, Peter M. Jansson [EMAIL PROTECTED] said: On Sun, 29 Sep 2002, Scott Goodwin wrote: it's time to break OpenSSL into its own openssl.so module, and have it If you build OpenSSL as a shared lib, and the build procedures for the AOLserver modules are friendly to that practice, do we really need an OpenSSL module? What would it do? Last time I built nsopenssl.so, I did it that way, and I've had no problems other than that you may have to adjust the LD_LIBRARY_PATH to include the place the OpenSSL shared libraries. Pete. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] Discussion at OpenACS...
Don probably meant that he didn't see the AOL dev team merging in the changes for Win32 and aD stuff, especially if it had any effect on adding complexity or reducing performance. Having separate modules for these two efforts, at least to begin with, would solve that problem while still centralizing the code. What I'd suggest is that there be two versions imported as modules -- one for windows development and one with the aD stuff. I also suggest that the import be made from the current AOLserver 3.5.0 tree and/or 4.x tree, and then be patched to bring in the differences cleanly. It might be easier to track with AOLserver core this way. Alternatively, the current aD and any current Win32 copies could be imported and then brought to a state where they are the same as the AOLserver core, with the exception of the differences (duh). I like the AOLserver core being clean of Win32 code. Please don't anyone take offense here, as it's just my personal opinion: it makes it less complicated, and therefore easier for myself and others to work on. Having a tracked copy that incorporates revisions to make it run natively on windows, and a separate tracked version that incorporates changes that the community wants to see would allow us to experiment with AOLserver core safely. The AOL dev team could then integrate the improvements that make sense into the core, and everyone wins. /s. On Sun, 29 Sep 2002 14:37:50 -0400, Dossy [EMAIL PROTECTED] said: On 2002.09.29, Scott Goodwin [EMAIL PROTECTED] wrote: Go to http://openacs.org/bboard/q-and-a-fetch-msg.tcl?msg_id=0006Qqtopic_id=11 for discussion on nspostgres, nsora, windows AOLserver and aD AOLserver issues with respect to SF hosting. Cool, thanks for bringing this to our attention. I just wanted to comment on something Don Bacchus wrote: [...] One of our community members has resurrected windows support and quite a few members of our community are interested in seeing that packaged and released once AOLserver 4.0 is released. At the moment I can't imagine that being hosted at AOLserver.com. [...] -- Don Baccus, September 29, 2002 I would love to see Win32 support continue for AOLserver. I don't see why Don says I can't imagine that being hosted at AOLserver.com -- at least the AOL folks have said that we simply can't maintain Win32 support any longer ... they never said we no longer want Win32 support for AOLserver. If the community will work on Win32 support and do it in such a way that it doesn't negatively impact the AOLserver core, I am convinced that the AOL core team will accept the necessary changes to make it happen. I'd volunteer to be the coordinator of the patching effort if that would help. -- Dossy -- Dossy Shiobara mail: [EMAIL PROTECTED] Panoptic Computer Network web: http://www.panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70) -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
[AOLSERVER] More updates
Don Baccus has been added to the committer's list and will be focusing on the nspostgres module. Jeff Davis has stepped up to work on nsora. http://openacs.org/bboard/q-and-a-fetch-msg.tcl?msg_id=0006Qqtopic_id=OpenACStopic=11 /s. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
[AOLSERVER] [ANNOUNCE] nscache 1.3 and 1.4 released.
nscache 1.3 is Rob Mayoff's original module. nscache 1.4 has the 'incr' command added, courtesy of Vlad Seryakov. Both are now available as downloads from the AOLserver SourceForge Files area. /s. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
[AOLSERVER] Oracle Driver
I now have Oracle Driver 2.3 and 2.5. Anyone who has or knows of Oracle Driver versions of any kind, please send me the tarball and/or send me a direct URL to the download for what you find. I and/or Jeff will open them up and try to determine from file dates and what's in READMEs what order we need to integrate them. Please copy Jeff Davis (he and I are cc'd on this message, so Reply-All, REMOVE the AOLserver Discussion address, and attach any files). thanks, /s. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] Oracle Driver
I have a copy of aD 3.3a13, so I can pull that copy out too. Jeff and I will just have to do a heuristic analysis of all the versions. I'm going to unpack them all into one area and start study them. Your info below will help. If anyone else has this kind of historical knowledge, post it here. thanks, /s. On Mon, 30 Sep 2002 00:59:53 -0400, Andrew Piskorski [EMAIL PROTECTED] said: On Mon, Sep 30, 2002 at 02:01:55AM +, Scott Goodwin wrote: I now have Oracle Driver 2.3 and 2.5. Scott, that doesn't sound right. The latest Oracle driver released by aD was 2.6, and I think that's what OpenACS uses. Do you have the version that aD shipped with their AOLserver 3.3+ad13 release? That was their last release of the Oracle driver. However, it's README file was out of date and did still mention release 2.4 in the text. It's ora8.c has: /* $Id: ora8.c,v 1.59 2001/06/11 20:11:14 mayoff Exp $ */ I can send you copy of aolserver-src-v33+ad13.tar.gz if you don't have it, or should be able to grab it from here: http://eveander.com/arsdigita/acs-repository/aolserver-src But I suspect you may already have it, and it's just version number confusion going on... -- Andrew Piskorski [EMAIL PROTECTED] http://www.piskorski.com -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] Oracle Driver
Cool -- I just copied you on a response to Jeremy about his version -- he did a lot of reformatting of the code mostly, but did add one command. He suggested we leave his version out of the import, but add the new command he created in manually. Also, if we can get all the way back to 1.6, let's go 1.6 - aD 2.6. I still want to unpack and confirm the versions and ordering, unless you've already done that and are confident you've sorted it out. /s. On Mon, 30 Sep 2002 08:22:26 -0400, Jeff Davis [EMAIL PROTECTED] said: I have oracle 2.3, 2.4, 2.5 and 2.6 all as released from aD. I checked and the copy of 2.6 at Eve's site and the OpenACS tarball are the same. I also have the version from Jeremy Collins which he called 2.6 and was based on the aD v2.5 but there are a lot of cosmetic changes and it is hard to figure out what should be folded in to the next version. The diff from aD 2.5 - aD 2.6 is very small and easy to add to Jeremy's version but I am not sure how well his version has been tested. There is also a later version than the 2.6 release which Rob Mayoff had (which hopefully Rob or Andrew will send to me shortly which was ora8.c v 1.60 in the aD CVS). Also, there was a change that I never put into the released version since it was never clear to me what the right answer was (cf http://ccm.redhat.com/bboard-archive/webdb/000d9f.html ) I think what we should do is put up the 2.3 - 2.6 sequence, then try to pull in anything else that might have been fixed elsewhere and make that 2.7beta. --Jeff -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] [ANNOUNCE] Release of nssha1-0.1
Hi Oscar, I'll download and import as soon as I can. thanks, /s. On Mon, 30 Sep 2002 11:51:26 -0600, Oscar Bonilla [EMAIL PROTECTED] said: Why don't you check the module nspasswd at http://www.galileo.edu/obonilla/software/nspasswd ? it has nssha functionality plus other hashes... regards, -Oscar On Monday, September 30, 2002, at 12:47 AM, Scott Goodwin wrote: I've imported and created a File release of nssha1, version 0.1. I'll promote it to version 1.0 when I or someone else can confirm that it works properly with AOLserver. /s. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net -- pgp fingerprint: BC64 2E7A CAEF 39E1 9544 80CA F7D5 784D FB46 16C1 -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
[AOLSERVER] Oracle Driver update
Thanks to all who have provided the various versions of the oracle driver code. I've created a version geneology based on the Id tags in the different ora8.c files: 2.3 ora8.c: /* $Id: ora8.c,v 1.54 2000/09/09 02:37:04 mayoff Exp $ */ 2.4 ora8.c: /* $Id: ora8.c,v 1.55 2000/09/20 19:54:35 mayoff Exp $ */ 2.5 ora8.c: /* $Id: ora8.c,v 1.57 2001/01/05 17:26:10 davis Exp $ */ (BRANCH: 2.5-jcollins ora8.c: /* $Id: ora8.c,v 1.5 2002/05/26 13:40:31 jcollins Exp $ */) 2.6 ora8.c: /* $Id: ora8.c,v 1.59 2001/06/11 20:11:14 mayoff Exp $ */ 2.7 /* $Id: ora8.c,v 1.60 2001/09/19 03:10:36 mayoff Exp $ */ Looks like I can import from 2.3, then update all the way to what I'm calling 2.7 (I don't think there ever was an official 2.7 release). Jeremy based his extensive changes on version 2.5. Also, Jeff Davis posted a mod to, I think 2.5 -- reference http://ccm.redhat.com/bboard-archive/webdb/000d9f.html Unless anyone has any comments, updates or other suggestions, I'm going to import 2.3 and patch to what I'm calling 2.7, then attempt to patch Jeff's mod and then Jeremy's changes onto 2.7. If they take cleanly, great. If not, I'll probably ask Jeremy and Jeff to take a look and see if they can sort it out. One alternative is to simply create a branch after 2.5 that contains Jeremy's code, which he or someone else can then merge into the head branch. I'll wait a day for comments and suggestions. If anyone wants to get all the versions I currently have, they can do so by downloading http://scottg.net/download/nsora.tar.gz. /s. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
[AOLSERVER] nsimage imported into SourceForge
Ayan George's nsimage module is now in AOLserver's SF area. I've tagged the initial code as 'v1_0beta1'. If I remember, I'll package it up and release it as nsimage-1.0beta1.tar.gz. /s. -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] nsopenssl
Nope. I need to figure out how to get that info from OpenSSL properly and display it. Sounds like something for me to work on tomorrow. /s. On Mon, 30 Sep 2002 21:40:32 -0500, David Walker [EMAIL PROTECTED] said: If nsopenssl is using openssl version 0.9.6g, is there a command that will display the version in that format? -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] Responding to SourceForge-generated mail
The bugs, features, patches tracking email notifications could be sent to a separate list, handled the same way the AOLserver discussion list is. I just checked the SF admin page for the bug tracker, and the email address that the notices are being sent to is the AOLserver discussion group (ok, duh). If someone knows how to create a new listserv mailing list, say '[EMAIL PROTECTED]', we can direct all of the bugs, features, patches traffic to that list, and you'd need to sign up there to see them via email. Failing that, we could set up a Yahoo or other group to direct it to. I'd prefer it be handled the same way the discussion list is, though. There are probably other ways of doing it that might be even better. /s. On Mon, 21 Oct 2002 17:41:01 -0700, Patrick Spence [EMAIL PROTECTED] said: - Original Message - From: Dossy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, October 21, 2002 5:16 PM Subject: Re: [AOLSERVER] Responding to SourceForge-generated mail On 2002.10.21, Patrick Spence [EMAIL PROTECTED] wrote: *cough* should be on their own list *cough* Maybe. Although, who'd bother signing up to that list? Those interested in seeing the questions and helping with them. Say the various project leaders of the various modules... It's good that people who might not normally participate in answering SF questions see the questions and can contribute if they choose to. If I have to post people's responses directly to SF, that might be the best way of handling it. Its also bad because it takes up list bandwidth for messages that can't be replied to and are in a format that is hard to read... especially when you realise that I am probably not the only person here who killfiles them. :) (thus proving they ARE a waste of bandwidth since -someone- deletes them out of hand) -- Patrick Spence arivenATarivenDOTcom www.RandomRamblings.com www.Ariven.com -- Scott Goodwin [EMAIL PROTECTED] http://scottg.net
Re: [AOLSERVER] AOLserver
I have a request to all posters to the AOLserver discussion group: please take the time to use reasonably good subject lines in your messages. The subject line above doesn't tell me anything about the content, but it could. I better line might have been: AS 3.4 and PG 7.2.1 - occasional crash Having good subject lines makes it a lot easier to both determine if you're interested in reading the message, and helps when you go to listserv to search all messages. Didn't mean to pick on you personally, Nate; you just gave me a convenient example. I am also guilty of creating useless subject lines. I am changing my ways... :) thanks, /s. -Original Message- From: AOLserver Discussion [mailto:AOLSERVER;LISTSERV.AOL.COM] On Behalf Of Nate Haggard Sent: Wednesday, October 30, 2002 5:16 PM To: [EMAIL PROTECTED] Subject: [AOLSERVER] AOLserver I am using AOLserver 3.4 and PostgreSQL 7.2.1. Occasionally AOLserver will just crash. I get an error like this in the serverlog: [25/Oct/2002:15:50:00][1413.883783][-conn633-] Error: It has something to do with the database driver because I can duplicate the behavior if I do a query without single quotes '. Is this normal behavior? I would rather see a descriptive error about a failed query because it is difficult to debug this way. Nate Haggard
Re: [AOLSERVER] Sign Up for AOLserver Documentation!
Title: Message If you mean that all the ns_sock* commands are to be documented under one ns_sock.n man page, I have to disagree. It breaks the unix standard of one command per man page. I wouldn't know to look in ns_sock.n for ns_sockopen; the user should not need to know what file a command is defined in so they can look up the command.And when I want to see how ns_sockopen works, I don't want ns_socklisten and the others on the same page. I'd rather have the other related commands be in the "See Also" section. I believe strongly that we should have one man page per API call, and not one man page per file name. /s. -Original Message-From: AOLserver Discussion [mailto:[EMAIL PROTECTED]] On Behalf Of Nathan FolkmanSent: Saturday, November 02, 2002 9:03 PMTo: [EMAIL PROTECTED]Subject: [AOLSERVER] Sign Up for AOLserver Documentation!To clarify, please sign up by file name instead of by API name. A number of the man pages contain multiple API's - example: $TOP/aolserver/doc/ns_sock.n. Also, please make sure you are working from the aolserver_v35_bp branch. We need to get the docs completed for 3.5, then we will tackle 4.0.To find out what still needs to be documented:1. Check out the 3.5 code: cvs co -raolserver_v35_bp aolserver2. Take a look in $TOP/aolserver/doc for man page files3. Check the "Tasks" area on SourceForge to see what's already been taken4. Add a new task for the man page file, or send email to [EMAIL PROTECTED] or [EMAIL PROTECTED] with the name of the file and we'll add it for youLet me know if there are any questions. Thanks!- n
Re: [AOLSERVER] Sign Up for AOLserver Documentation!
I find, for example, that the traditional AOLserver documentation including all variants of ns_return on a single page helps me to better understand the range of responses available. After reviewing this, I now see what you're saying. The problem is that the second part of some command names should really have been the subcommand name. For example: ns_returnadminnotice should really have been: ns_return adminnotice In the same way, ns_sockopen should really be ns_sock open Were this the case, it would be obvious to look up 'man ns_sock' and 'man ns_return'. In these cases, I take back what I said -- I suppose they should be on the same man page. Thus, it appears the AOLserver Tcl Dev Guide is inconsistent -- ns_sockopen, ns_socklisten and the other ns_sock* command should have been on the same page together, like ns_return*, but they aren't. Maybe that's because the functionality or passed args are essentially the same for ns_return*, but different for ns_sock*. /s.
Re: [AOLSERVER] Sign Up for AOLserver Documentation!
Title: Message I Agree. We'll do the 3.5 docs first as-is. I think at some point we should bite the bullet and rename commands like ns_returnadminnotice to be ns_return adminnotice and maintain that consistency throughout the server and modules. Backward compatibility would be kept for some period of time. Is there some reasonnot torename the 'nsv_*' commands to correspond to Tcl's 'array' command? Thus, 'nsv_set' would change to 'ns_array set', so that ns_array set would correspond to Tcl's array set and so on. Those familiar with Tcl's array command would then intuitively know how to use the nsv_* / ns_array * commands. It might not be a perfect one-to-one correspondence, but it should come pretty close. /s. -Original Message-From: AOLserver Discussion [mailto:[EMAIL PROTECTED]] On Behalf Of Nathan FolkmanSent: Sunday, November 03, 2002 9:05 PMTo: [EMAIL PROTECTED]Subject: Re: [AOLSERVER] Sign Up for AOLserver Documentation!In a message dated 11/3/02 7:52:51 PM, [EMAIL PROTECTED] writes: After reviewing this, I now see what you're saying. The problem is thatthe second part of some command names should really have been thesubcommand name.For example: ns_returnadminnoticeshould really have been: ns_return adminnoticeIn the same way, ns_sockopenshould really be ns_sock openWere this the case, it would be obvious to look up 'man ns_sock' and'man ns_return'. In these cases, I take back what I said -- I supposethey should be on the same man page.Thus, it appears the AOLserver Tcl Dev Guide is inconsistent --ns_sockopen, ns_socklisten and the other ns_sock* command should havebeen on the same page together, like ns_return*, but they aren't. Maybethat's because the functionality or passed args are essentially the samefor ns_return*, but different for ns_sock*./s.Ironically Jim and I were just discussing changing the nsv_* commands to be something like ns_svar cmd. Keeping the current nsv_* commands for backward compatibility of course! ;-) I think we should concentrate on documenting the files as they exist in $TOP/aolserver/doc and can revisit single vs. multiple commands per file when we turn our attention towards the 4.0 documentation work.- n
Re: [AOLSERVER] Sign Up for AOLserver Documentation!
Title: Message What was the new chat time on Thursdays? Last stated was 3pm Eastern, but then you asked for any takers at 2pm Eastern. I abstained, and no one else spoke up, so I'm assuming it was finally changed to 3pm Eastern. I intend to hang out in the chat room all day from now on. /s. -Original Message-From: AOLserver Discussion [mailto:[EMAIL PROTECTED]] On Behalf Of Nathan FolkmanSent: Sunday, November 03, 2002 9:05 PMTo: [EMAIL PROTECTED]Subject: Re: [AOLSERVER] Sign Up for AOLserver Documentation!In a message dated 11/3/02 7:52:51 PM, [EMAIL PROTECTED] writes: After reviewing this, I now see what you're saying. The problem is thatthe second part of some command names should really have been thesubcommand name.For example: ns_returnadminnoticeshould really have been: ns_return adminnoticeIn the same way, ns_sockopenshould really be ns_sock openWere this the case, it would be obvious to look up 'man ns_sock' and'man ns_return'. In these cases, I take back what I said -- I supposethey should be on the same man page.Thus, it appears the AOLserver Tcl Dev Guide is inconsistent --ns_sockopen, ns_socklisten and the other ns_sock* command should havebeen on the same page together, like ns_return*, but they aren't. Maybethat's because the functionality or passed args are essentially the samefor ns_return*, but different for ns_sock*./s.Ironically Jim and I were just discussing changing the nsv_* commands to be something like ns_svar cmd. Keeping the current nsv_* commands for backward compatibility of course! ;-) I think we should concentrate on documenting the files as they exist in $TOP/aolserver/doc and can revisit single vs. multiple commands per file when we turn our attention towards the 4.0 documentation work.- n
Re: [AOLSERVER] Input data verification
Hi Daniël,
Yes, this would be useful, maybe as a standard ns_* style command,
something like an ns_bind_vars.
Right now the focus is on setting up a core AOLserver team, getting
AOLserver 3.5.0 fully documented, getting the current modules cleaned
up/documented, getting AOLserver 4.0 released, and a few other things.
When the majority of that work is done, I think we can look at
improvements to the server and modules such as you've outlined below.
How are your C skills? Your man page creation skills? Thats where we
could use some help right now.
/s.
-Original Message-
From: AOLserver Discussion [mailto:AOLSERVER;LISTSERV.AOL.COM] On Behalf
Of Daniël Mantione
Sent: Monday, November 04, 2002 3:42 PM
To: [EMAIL PROTECTED]
Subject: [AOLSERVER] Input data verification
Hello,
You have propably all build a simple a html form and a
script that processes the form. Now how do you verify your input data?
For example, you want the user to enter a number. How do you verify on
the server side that someone indeed sent a number?
Usually I use the scan command, i.e.:
set r [ns_conn form]
set variabletxt [ns_set iget $r variable]
if {[scan %d $variabletxt variable] == 0} then {
ns_returnnotfound
return -code return
} else {
.
}
Now this is quite a lot of code for such a simple check and you write it
in each form again. I got a bit bored and wrote a library for it. Now it
is much easier, at the start of a script I just do:
bind_form_vars {mode req num} {actionurl req} {tabledef req} {index num}
{action}
What does this do?
- A form variable mode is assigned to the variable mode. The
variable
is required (req) and it must be numeric (num).
- The form variable actionurl is assign to the variable actionurl
and
it is required.
- The same for tabledef.
- index is not required, if it is not present the variable index
will
be set to {}, but if it is present it should be numeric
- action is not required
Now, since it is a very basic task that allmost every AOLserver user has
to do, is it perhaps an idea to make such a library part of the standard
AOLserver distribution?
Daniël
Re: [AOLSERVER] Call for AOLserver Core Team Nominees
Title: Message If anyone from the OpenACS community would like to nominate themselves, please send your brief paragraph or two to Nathan. /s. -Original Message-From: AOLserver Discussion [mailto:[EMAIL PROTECTED]] On Behalf Of Simon MillwardSent: Tuesday, November 05, 2002 4:46 AMTo: [EMAIL PROTECTED]Subject: Re: [AOLSERVER] Call for AOLserver Core Team NomineesHi folks,I know its been posted there, but I personally feel at least one of these individuals should come from the OpenACS community. I suspect we're a fairly significant 'other' project that depends heavily on it, and as its firmly part of future OpenACS strategy that kinda makes sense.I'm sure you'd agree, although I don't know who from the community would be able to take it on.SimonNathan Folkman wrote: [EMAIL PROTECTED]" type="cite">We would like to establish an AOLserver core team made up of members from both here at AOL and the Open Source Community. The core team's main responsibility will be to lead the future direction of the AOLserver Open Source project, working to balance the internal requirements here at AOL with the requirements of the community at large. We've decided to adopt the core team principles currently in use by the Tcl core team - it seems to have worked well for them, and seems to also be a good fit for the AOLserver project. There will probably be a few slight modifications made, but essentially the core team will function as described by the following:http://www.scriptics.com/cgi-bin/tct/tip/0.html If you are interested in becoming a member of the AOLserver core team, please send me ([EMAIL PROTECTED]) an email with a brief paragraph or two describing your qualifications, and why you think you would be a good candidate. We will then post the names and descriptions and allow everyone to vote for the top three.Please let me know if there are any questions. Thanks!- Nathan-- Simon Millward Director OpenMSG Limited +44 (0) 7818 045 801 Tel: +44 (0)1225 48 48 05 Fax: +44 (0)1225 31 6789 Web http://www.open-msg.net Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of OpenMSG Ltd.
Re: [AOLSERVER] AOLserver Project Update
Good question. In about six months I expect AOLserver and all of the modules to be fully tested, documented and clean. At that point, it will be hard to argue with using AOLserver for any kind of IT project from a technical or maintenance standpoint. It is the other arguments we will have to overcome, such as, Tcl? I thought that was obsolete and Isn't everything going Java and J2EE? On the popularization front I want to have a self-installing distribution of AOLserver that will lower the bar to getting a copy of AOLserver running with a few simple, live applications. We make it easy for newcomers to run the server and see what it can do without having to wade through discussion groups and docs trying to figure out how to get something running themselves. I also plan to write a series of articles for magazines, update my website, and run naked through the streets if necessary. /s. -Original Message- From: AOLserver Discussion [mailto:AOLSERVER;LISTSERV.AOL.COM] On Behalf Of Steve Manning Sent: Thursday, November 07, 2002 4:21 PM To: [EMAIL PROTECTED] Subject: Re: [AOLSERVER] AOLserver Project Update Congratulations on this move to include the community and setup the core team. I feel it gives a very positive vibe for the future of AOLServer. I just wondering if this new push includes any plans to promote AOLServer amongst the IT public at large. Its difficult to promote AOLServer as a solution to a requirement when the response is 'AOL what?'. Just about everyone has heard of Apache - how can we achieve the same notoriety? Steve -- Steve Manning - Linux Mandrake 9.0 - Gnome 2.0 East Goscote - Leicester - UK +44 (0)116 260 5457 Reply to [EMAIL PROTECTED] - AIM: verbomania -- Only 1 in 10 people understand binary - the other one hasn't got a clue. --
Re: [AOLSERVER] Other languages (was: Project Update)
-Original Message- From: AOLserver Discussion [mailto:AOLSERVER;LISTSERV.AOL.COM] On Behalf Of [EMAIL PROTECTED] Sent: Friday, November 08, 2002 12:29 AM To: [EMAIL PROTECTED] Subject: [AOLSERVER] Other languages (was: Project Update) I think Tcl (or, rather, single language support) is one of the big things holding AOLserver back. I thought the same thing two years ago. I'm now convinced Tcl was and is still the right choice for the core scripting language, and believe it should remain the core language. It simply wouldn't be AOLserver otherwise. But you are correct in that we need to support other languages. That could be done with modules, and maybe some means of binding to internal Tcl data structures at the C level could be found so that, say, a java module can exchange data *directly* with Tcl internally -- maybe some kind of standard binary format for data interchange (Binary XML?). Maybe a capability that is similar to comm and db drivers -- a way to write language drivers that register themselves with the core server. That's definitely an area for exploration. I've recently been considering switching away from AOLserver ... Hang in there...things are changing. /s.
Re: [AOLSERVER] How I'll vote for core team members (long)
Exactly. Even though they work for AOL, they are still a part of the AOLserver community and should have a vote. I wish I could have put it this clearly. /s. -Original Message- From: AOLserver Discussion [mailto:AOLSERVER;LISTSERV.AOL.COM] On Behalf Of Jeff Hobbs Sent: Friday, November 08, 2002 8:30 PM To: [EMAIL PROTECTED] Subject: Re: [AOLSERVER] How I'll vote for core team members (long) Since AOL has already picked its representation, it seems to me they should not vote on the community half of the core team. Not that their votes would necessarily be wrong or bad or have any nefarious intention, but more in the interest of fairness, as has been said I disagree on this point, for a couple of reasons. While they have picked their own representation (which I feel is a good thing, because often the community has no idea who the behind-the-scenes people are and discounts them unfairly for that), they are also part of the community and users of AOLServer. As such, they need to vote on the community seats as well. All in all, their votes would only be a small part of the whole (one would assume). This brings up another question: what constitutes a voting member? Does one company get 1 vote, or does each employee at a company get a vote? Each member of the core team should have a vote, regardless of company. When the TCT (Tcl Core Team) was formed, it had several employees of Scriptics/Ajuba, each as equal members with the others. There is no Scriptics anymore (acquire), but each of those people is still TCT member at a new company, and still participates. While it's unlikely that AOL is going to be acquired (hey Jim, any insider trading info?), it's one of several good reasons to establish an all-equal core team members. For myself, if rather short term limits are put on the members anyway, Time limits are fine, but what time? 1 year, 2? Any shorter and it just becomes a hassle, and 2 years is 100 in internet time. I think the easiest is the self-managing aspect that the TCT added (although, to be honest, the TCT is overweight ...). Jeff
Re: [AOLSERVER] gzip compression
On Monday, January 6, 2003, at 11:10 PM, Jeffrey Hobbs wrote: That's a good question ... I've never actually done performance analysis on the stacked channel stuff, but it is fairly efficient. It just passes buffers from one stack to the next as they are consumed. Special purpose filters may do a better job as they can suck in large amounts of data as they operate, but I'm not sure that you'd win if you have to have extra exec overhead. What would be a good test? I suppose timing SSL connection throughput using Tcl stacked channels via the Tcl C API and a straight C implementation. If the channels have configurable buffer sizes and such they may work well, i.e. all channels in a stack should have the same buffer sizes, the exception being for a channel whose output is larger than its input (a decompression channel, for example) -- the channel that gets that output should also reasonably be expected to have a larger buffer size. Jim D., Nathan and I were just discussing the comm model in AOLserver. For 4.x, Jim has created a very aggressive read-ahead comm model that isn't suitable for all types of network usage but is very suitable for dealing with HTTP content. I'd be surprised if Tcl stacked channels could match the speed and efficiency of this model, and in AOLserver's case, specialized code to do this is worth the fact that it's not generalized to handle any type of case. My suggestion was that we allow multiple comm models in AOLserver (and Tcl?) such that the one best suited for a particular task could be selected by the module or code that needs it. An HTTP connection might work great with the aggressive read-ahead model, for example, but SSL connections might not. Having a means in AOLserver's C API (and/or in Tcl's API) to choose which comm model, or transformation model (i.e. what channel type) to put into a stack would allow more flexibility. /s. In any case, I did want to mention that since 8.2 Tcl has had stacked channels in the core. Extensions like Trf, memchan and TLS use this to do compression and/or encryption on channels transparent to the user. I create a new channel type in tclcmds.c in the nsopenssl module to allow Tcl's gets, puts and friends to work with an SSL socket, though I didn't use channels for the C API portion of the process. Are there any performance issues with stacking channels? Jeff Hobbs The Tcl Guy Senior Developer http://www.ActiveState.com/
Re: [AOLSERVER] nsopenssl certificate chain
Hi Keith, Just append all the CA cert files in the chain into one file, then use the ServerCAFile param to point to it. These CA cert files should be in PEM format. We're using that here for our DoD CA chain and it works great. /s. On Thursday, January 16, 2003, at 12:07 PM, Keith Paskett wrote: Is there an nsopenssl equivalent to Apache + MOD SSL/OPEN SSL SSLCertificateChainFile? I have a certificate that was signed by a CA certificate that is not in the netscape browser but a certificate up the chain is. Root Cert (is in browser) | -- signs -- | Cert X (not in browser) | -- signs -- | Cert Y (not in browser) | -- signs -- | My server certificate. Apache installation instructions from the company that signed the Cert say to put Root Cert, Cert X, and Cert Y in a file that Apache directive 'SSLCertificateChainFile' points to. I can install Certy Y in my browser and all works well but I paid to have my certificate signed (what a racket) so my users wouldn't have to do that. - Keith
Re: [AOLSERVER] Is Aolserver vulnerable?
After looking through the 3.4.2 source code, the answer is no. TRACE is not a supported HTTP method in AOLserver. I used cscope to find all occurences of TRACE and found none. Also checked the Tcl module that come with the server. It might be wise to register a proc to log that a TRACE request was made to your server, if you're interested to identify attempts. /s. On Wednesday, January 22, 2003, at 03:04 PM, Jade Rubick wrote: Does Aolserver implement the TRACE command? http://www.extremetech.com/article2/0,3973,841047,00.asp
Re: [AOLSERVER] Is Aolserver vulnerable?
On Wednesday, January 22, 2003, at 03:48 PM, Andrew Piskorski wrote:
Incidentally, Apache/1.3.26, the version shipped with Debian 3.0, DOES
implement TRACE.
On Wed, Jan 22, 2003 at 01:04:36PM -0800, Jade Rubick wrote:
Does Aolserver implement the TRACE command?
http://www.extremetech.com/article2/0,3973,841047,00.asp
I just pointed that out to my management chain and the other groups in my organization who use Apache and IIS. Here's the message I sent:
= CUT HERE
If you aren't already aware, there appears to be a serious cross-site vulnerability that uses the TRACE HTTP method to do its dirty work. This vulnerability is not affected by SSL.
Please read:
http://www.extremetech.com/article2/0,3973,841047,00.asp
I know Apache uses the TRACE method (I just looked at the source code for Apache), but it may not be vulnerable depending on how Apache is configured. I can't determine if IIS is vulnerable, because, well, I don't have the source code.
We use AOLserver for EMIS, which is not vulnerable. I've added extra checking to the EMIS request processor 5 minutes ago to log any attempts to use HTTP methods that we don't accept so we can identify attempts to use TRACE. Here's the piece of code I added to do that:
if {! [regexp -nocase {get|post|head} $http_method]} {
ns_log warning "BAD HTTP METHOD: $http_method from $peer_addr: HTTP REQ=$request"
ns_return 403 text/html [ns_adp_parse -file /emis/pages/errors/errorframe.adp 403]
return filter_return
} else {
ns_log notice "$http_method request for $request from $peer_addr"
}
AOLserver is such a *sweet* web server. You should really consider switching :)
/s.
=== CUT HERE ==
So, thank you AOL, the AOL dev team, and everyone in the community who uses and has helped maintain and improve AOLserver. You've made my life so much easier.
/s.
Re: [AOLSERVER] Is Aolserver vulnerable?
I actually don't have to perform the 'if' check regexp -- we register two handlers, one for accepted method, the other for unacceptable methods:
ns_register_filter preauth GET /* rp_handler
ns_register_filter preauth POST /* rp_handler
ns_register_filter preauth PUT /* rp_handler_other
ns_register_filter preauth HEAD /* rp_handler_other
ns_register_filter preauth DELETE /* rp_handler_other
ns_register_filter preauth TRACE /* rp_handler_other
ns_register_filter preauth OPTIONS /* rp_handler_other
ns_register_filter preauth CONNECT /* rp_handler_other
rp_handler_other handles "bad" methods. So I can go in and simplify the code :)
/s.
On Wednesday, January 22, 2003, at 05:08 PM, David Walker wrote:
How do you register this filter?
I have a list of methods I check for but I would prefer to watch for all that
are not get/post/head
On Wednesday 22 January 2003 04:53 pm, Jerry Asher wrote:
Scott Goodwin wrote:
have the source code.
We use AOLserver for EMIS, which is not vulnerable. I've added extra
checking to the EMIS request processor 5 minutes ago to log any attempts
to use HTTP methods that we don't accept so we can identify attempts to
use TRACE. Here's the piece of code I added to do that:
if {! [regexp -nocase {get|post|head} $http_method]} {
ns_log warning "BAD HTTP METHOD: $http_method from $peer_addr: HTTP
REQ=$request"
ns_return 403 text/html [ns_adp_parse -file
/emis/pages/errors/errorframe.adp 403]
return filter_return
} else {
ns_log notice "$http_method request for $request from $peer_addr"
}
This is a good idea.
You may wish to change this to return a TRACE specific error message
that mentions this exploit. That way the user will be alerted to
dubious activity on his machine.
Jerry
Re: [AOLSERVER] Is Aolserver vulnerable?
I think a registered filter put in before any other filter would be
better, unless you have a specific error page you want to show that's
in OpenACS. My code is returning our error page; I wouldn't want to
rely on a more complex module to perform this function for me. A bug in
your rewrite code could make you vulnerable again.
/s.
On Wednesday, January 22, 2003, at 05:19 PM, Roberto Mello wrote:
On Wed, Jan 22, 2003 at 02:47:58PM -0800, Jerry Asher wrote:
snip
It goes away entirely if the server doesn't implement TRACE. It will
not cause cross site leakage unless your browser already has a cross
site leakage bug in it. IE currently does. Other browsers may or may
not have bugs. When will you be secure that your browser has none of
these bugs?
Ugh.
snip
The news article claims that Apache needs a patch and can't just be
configured to not implement TRACE. Does anyone know if that is so?
Think I found a way to work around the problem using Apache's
mod_rewrite
(something that may be good to add to OpenACS' request processor). By
adding the lines below (with mod_rewrite being loaded) to the
VirtualHost
section, the server should send a Forbidden response.
Weirdly, I get a Bad request (the same request works fine if I take the
rewrite rules off), but at least the TRACE isn't completed.
# RBM: 2002-01-22. Kill TRACE exploits.
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* [F]
-Roberto
--
+|Roberto Mello -http://www.brasileiro.net/ |--+
+ Computer Science Graduate Student, Utah State University +
+ USU Free Software GNU/Linux Club - http://fslc.usu.edu/ +
What you end up with, after running an operating system concept through
these many marketing coffee filters, is something not unlike plain hot
water.
-- Matt Welsh
Re: [AOLSERVER] Is Aolserver vulnerable?
Adobe's Acrobat Viewer supports byte range serving when installed as a plug-in for Netscape Navigator, or as an ActiveX control for Microsoft's Internet Explorer. It'll pull down a page at a time as you move through the document. /s. On Thursday, January 23, 2003, at 06:47 PM, Jim Davidson wrote: In a message dated 1/23/2003 6:24:22 PM Eastern Standard Time, [EMAIL PROTECTED] writes: >What portions do you think would make the most sense to support, and what >benefits would supporting those features provide? Keep-alive enabled by default - allows persistent client/server connections without negotiation. Chunked transfer coding - allows streaming content within persistent connections. Byte ranges - allows a client to resume an interrupted transfer. Are byte ranges useful outside big static file downloads? -Jim
[AOLSERVER] Cold Fusion vs Tcl in AOLserver: Opinions
Hi all, can those of you with Cold Fusion experience please respond to me directly with your opinions on Cold Fusion vs Tcl in AOLserver? I need to make a case for moving a heavy Cold Fusion developer group to Tcl in AOLserver. Specifically I need to convince this group that the pain of the switch is worth it in the long run. I don't need philosophical advice (e.g. Use what you know). I need specific advice on why Tcl/AOLserver is a better solution than CF for web apps. Please reply to [EMAIL PROTECTED] Thanks! /s.
Re: [AOLSERVER] nspostgres
Pull the CVS copy of nspostgres -- I believe that one works with AOLserver 4.x, but hasn't been packaged for a release yet. /s. On Monday, February 10, 2003, at 09:22 AM, Wes James wrote: I tried to compile nspostgres 3.5 and I get compile errors with aols4. I then try it again with aols351 to make sure it will compile. It does. How do I get the driver to compile for aols4? wj
Re: [AOLSERVER] nsopenssl 2.1 allergic to RedHat 8.0?
John Caruso pointed this out a couple of weeks ago. Read below: From: John Caruso [EMAIL PROTECTED] Date: Fri Feb 21, 2003 5:57:14 PM US/Central To: [EMAIL PROTECTED] Subject: Test for THREADS in thread.c (in nsopenssl 2.1) I'm in the process of (re)building nsopenssl 2.1 using openssl 0.9.7a, and I ran into one problem. In thread.c there's the following test: #ifndef THREADS #error OpenSSL was not compiled with thread support! #endif But it appears that in openssl 0.9.7a the macro name is now OPENSSL_THREADS, not THREADS (and they also don't reference OPENSSL_THREAD_DEFINES anymore to determine whether or not to set this--it's set unconditionally). I checked the nsopenssl 2.2beta7 tarball and it looks like it hasn't been updated to reflect the changed macro name either. I got around it by defining CFLAGS=-DTHREADS before the compilation, but long-term I'm assuming you'll want to change this in the code. - John On Wednesday, March 5, 2003, at 04:27 PM, Peter M. Jansson wrote: I updated one of my systems to RH 8.0, and then updated OpenSSL to 0.9.7, and now I'm having trouble compiling nsopenssl 2.1 from the tarball on ScottG's site. Anyone else have similar troubles? I'm digging in to try to figure it out, but I thought I'd ask the crew, in case someone else has an answer. One difference is that OpenSSL 0.9.6 appears to define a symbol THREADS to indicate that OpenSSL was built for threads, while OpenSSL 0.9.7 defines OPENSSL_THREADS, but that's easy enough to fix. I'm guessing most of my troubles are coming from a newer gcc being a little more pedantic (which I didn't think was possible). Thanks, Pete. I. To remove yourself from this list: Send a message to [EMAIL PROTECTED] with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/ I. To remove yourself from this list: Send a message to [EMAIL PROTECTED] with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/
Re: [AOLSERVER] SSL handshake error
Do you have session caching turned on? /s. On Monday, March 10, 2003, at 11:00 PM, William Scott Jordan wrote: I'm running AOLServer 3.4 with OpenSSL 0.9.6 and nsopenssl 2.2b4 on Redhat 7.0 and I'm getting this error quite a bit: Error: nsopenssl: EOF during SSL handshake I have no idea what's causing it and I can't recreate it. When it happens, it gives the end user a Server Error message. Reloading the same page never causes the problem a second time. I really don't even know whether it's a problem with AOLServer, a configuration issue, or a problem with OpenSSL. Has anybody seen this before or have any idea of how to correct it? Any advice would be appreciated. Scott I. To remove yourself from this list: Send a message to [EMAIL PROTECTED] with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/ I. To remove yourself from this list: Send a message to [EMAIL PROTECTED] with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/
Re: [AOLSERVER] SSL handshake error
I need to know the browser type, version and strength (e.g. MSIE 5.5
128-bit, Netscape 4.7 40-bit...).
Oscar, when you say you're seeing the exact same problem, do you mean
you're seeing both the error message and the browser is failing on the
first connect?
/s.
On Tuesday, March 11, 2003, at 08:42 AM, Oscar Bonilla wrote:
I'm seeing the exact same problem, however I have ServerSessionCache
set to true. I'm using
nsopenssl 2.1. What could the problem be?
This is the nsopenssl part of my aolserver config file:
-
ns_section ns/server/${servername}/module/nsopenssl
ns_param ServerPort ${httpsport}
ns_param ServerHostname ${hostname}
ns_param ServerAddress ${address}
ns_param ServerCertFile ${sslcertificate}
ns_param ServerKeyFile ${sslkey}
ns_param ServerProtocols All
ns_param ServerCipherSuite
ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
ns_param ServerSessionCache true
ns_param ServerSessionCacheID1
ns_param ServerSessionCacheSize 512
ns_param ServerSessionCacheTimeout 300
ns_param ServerPeerVerifyfalse
ns_param ServerPeerVerifyDepth 3
ns_param ServerCADir ${sslcadir}
ns_param ServerCAFile${sslcafile}
ns_param ServerTrace false
ns_param SockServerCertFile ${sslcertificate}
ns_param SockServerKeyFile ${sslkey}
ns_param SockServerProtocols All
ns_param SockServerCipherSuite
ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
ns_param SockServerSessionCache true
ns_param SockServerSessionCacheID2
ns_param SockServerSessionCacheSize 512
ns_param SockServerSessionCacheTimeout 300
ns_param SockServerPeerVerifytrue
ns_param SockServerPeerVerifyDepth 3
ns_param SockServerCADir ${sslinternalcadir}
ns_param SockServerCAFile${sslinternalcafile}
ns_param SockServerTrace false
ns_param SockClientCertFile ${sslclientcertificate}
ns_param SockClientKeyFile ${sslclientkey}
ns_param SockClientProtocols All
ns_param SockClientCipherSuite
ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
ns_param SockClientSessionCache true
ns_param SockClientSessionCacheID3
ns_param SockClientSessionCacheSize 512
ns_param SockClientSessionCacheTimeout 300
ns_param SockClientPeerVerifytrue
ns_param SockClientPeerVerifyDepth 3
ns_param SockClientCADir ${sslservercadir}
ns_param SockClientCAFile${sslservercafile}
ns_param SockClientTrace false
ns_param RandomFile /dev/urandom
ns_param SeedBytes 1024
Thanks,
-Oscar
On Mon, Mar 10, 2003 at 11:42:36PM -0600, Scott Goodwin wrote:
Turn it on, always, always, always have session caching on, or SSL to
certain MSIE browser versions will fail in the way you're seeing. I've
just updated the nsopenssl config examples at my site to reflect this.
nsopenssl 3.0 will have session caching turned on by default, so that
if you want it turned off you'll have to explicitly do so.
/s.
On Monday, March 10, 2003, at 11:32 PM, William Scott Jordan wrote:
ServerSessionCache is set to false.
Scott
At 11:12 PM 3/10/2003 -0600, you wrote:
Do you have session caching turned on?
/s.
On Monday, March 10, 2003, at 11:00 PM, William Scott Jordan wrote:
I'm running AOLServer 3.4 with OpenSSL 0.9.6 and nsopenssl 2.2b4 on
Redhat
7.0 and I'm getting this error quite a bit:
Error: nsopenssl: EOF during SSL handshake
I have no idea what's causing it and I can't recreate it. When it
happens,
it gives the end user a Server Error message. Reloading the same
page
never causes the problem a second time. I really don't even know
whether
it's a problem with AOLServer, a configuration issue, or a problem
with
OpenSSL.
Has anybody seen this before or have any idea of how to correct it?
Any
advice would be appreciated.
Scott
I. To remove yourself from this list:
Send a message to [EMAIL PROTECTED] with the following
text
in
the BODY of your message:
signoff aolserver
II. For a complete list of listserv options please visit:
http://listserv.aol.com/
III. For more AOLserver information please visit:
http://www.aolserver.com/
I. To remove yourself from this list:
Send a message to [EMAIL PROTECTED] with the following
text in
the BODY of your message:
signoff aolserver
II. For a complete list of listserv options please visit:
http://listserv.aol.com/
III. For more AOLserver information please visit:
http://www.aolserver.com/
I. To remove yourself from this list:
Send a message to [EMAIL PROTECTED] with the following
text
in
the BODY
Re: [AOLSERVER] SSL handshake error
Note that you will see some EOFs in the log files that are normal and aren't due to failures. I see them all the time because we're using client certs -- MSIE makes a connection, realizes the server wants a client cert, cuts the conn (EOF), asks the user which client cert they want to use, then makes a fresh connection. There are other events that can cause an EOF; one of them I think is when a client is using SSLv3 or TLS but doesn't follow the SSL close protocol specified and instead just closes the socket. /s. On Tuesday, March 11, 2003, at 12:01 PM, William Scott Jordan wrote: So I switched session caching on last night and when I checked the logs this morning, I see that there were a couple of new EOF during SSL handshake errors. Checking the access log, it looks like something funny was going on; Non-existent files being accessed and such. I think Dossy might be right about this being from the SSL exploits. Hopefully, turning on session caching fixed the real problem and now I'm just seeing the results of some idiots mucking about. Scott At 09:57 PM 3/10/2003 -0800, you wrote: I'll give this a shot. Thanks for the assistance. Scott At 11:42 PM 3/10/2003 -0600, you wrote: Turn it on, always, always, always have session caching on, or SSL to certain MSIE browser versions will fail in the way you're seeing. I've just updated the nsopenssl config examples at my site to reflect this. nsopenssl 3.0 will have session caching turned on by default, so that if you want it turned off you'll have to explicitly do so. /s. On Monday, March 10, 2003, at 11:32 PM, William Scott Jordan wrote: ServerSessionCache is set to false. Scott At 11:12 PM 3/10/2003 -0600, you wrote: Do you have session caching turned on? /s. On Monday, March 10, 2003, at 11:00 PM, William Scott Jordan wrote: I'm running AOLServer 3.4 with OpenSSL 0.9.6 and nsopenssl 2.2b4 on Redhat 7.0 and I'm getting this error quite a bit: Error: nsopenssl: EOF during SSL handshake I have no idea what's causing it and I can't recreate it. When it happens, it gives the end user a Server Error message. Reloading the same page never causes the problem a second time. I really don't even know whether it's a problem with AOLServer, a configuration issue, or a problem with OpenSSL. Has anybody seen this before or have any idea of how to correct it? Any advice would be appreciated. Scott I. To remove yourself from this list: Send a message to [EMAIL PROTECTED] with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/ I. To remove yourself from this list: Send a message to [EMAIL PROTECTED] with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/ I. To remove yourself from this list: Send a message to [EMAIL PROTECTED] with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/ I. To remove yourself from this list: Send a message to [EMAIL PROTECTED] with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/ I. To remove yourself from this list: Send a message to [EMAIL PROTECTED] with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/ I. To remove yourself from this list: Send a message to [EMAIL PROTECTED] with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/ I. To remove yourself from this list: Send a message to [EMAIL PROTECTED] with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/
Re: [AOLSERVER] Dumb SSL question
Find out what browser types and versions you expect your users to use and go see what CA certs are preloaded into them. That's the list of CAs you should choose from. Getting a server cert from anyone else, or generating your own, will cause your user's browsers to popup the invalid site warning. /s. On Friday, March 14, 2003, at 12:04 PM, Michael Roberts wrote: It's been a while since I bestirred myself to change anything in my SSL configuration (yes, I'm *still* running AOLserver 2.1 on one server...) but I've got reason to consider SSL on one of my newer servers and I don't want to pay Verisign more than I have to (and it's a different domain name). So what are the options in this brave new century for SSL certificates that won't make typical browsers choke? Michael I. To remove yourself from this list: Send a message to [EMAIL PROTECTED] with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/ I. To remove yourself from this list: Send a message to [EMAIL PROTECTED] with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/
Re: [AOLSERVER] Emacs and ADP -- a solution
On 3/17/03 11:17 AM, Janine Sisk [EMAIL PROTECTED] wrote: Hear, hear! :) I keep hearing about the studliness of Emacs and it's not that I don't believe it - but my fingers know Vi extremely well, after using it for nigh on 15 years (ok, that's a scary thought in itself!) and it slows me down too much to try to learn another editor. Maybe I'll give it a try after I retire. :) janine On Monday, March 17, 2003, at 12:14 PM, Scott Laplante wrote: vim, obstinately. ; ) -Original Message- From: Jeremy Cowgar [mailto:[EMAIL PROTECTED] Sent: Monday, March 17, 2003 6:09 AM To: [EMAIL PROTECTED] Subject: Re: [AOLSERVER] Emacs and ADP -- a solution What does everyone else use for editing ADP's? TCL for that fact as well. Jeremy On Sunday 16 March 2003 08:39 am, you wrote: Greetings. I use emacs for all text editing and I was running into a problem with editing ADP's. With html-helper-mode I can do things like narrow down to a JavaScript block and edit JavaScript with a JavaScript mode (syntax highlighting, language helpers, automatic indenting, etc...). I wished to have the same thing for editing Tcl blocks in my .adp's % ... %. Vim here, too. I used to use Emacs, but it was such a pain to configure and get right; Vim seems to be easier to configure and add capabilities to. Vim is backwards-compatible with me. /s. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/ -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/ -- Janine Sisk President/CEO furfly.net, LLC Mont Vernon, NH -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/ -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/
Re: [AOLSERVER] maxline
I believe you limit the request line like so:
ns_section ns/server/${servername}
ns_param maxline 10240
It defaults to 8192 in AOLserver 3.5.1.
The config file should be placed in the top level of your AOLserver
installation area, and should be called nsd.tcl. For a new
installation, you need to configure your nsd.tcl file from scratch,
using the examples from sample-config.tcl.
You don't have to recompile, you just have to restart your server.
It is not case-sensitive.
/s.
On Monday, March 17, 2003, at 05:27 PM, Zamil Murji wrote:
I read that:
AOLserver limits the length of each line in the HTTP request header,
including the request line itself. This limits the amount of data you
can
put in form variables in a GET request. AOLserver does not specifically
limit the length of each form variable's value.
The limit is set in the config file, section ns/server/$server,
parameter maxline. The default is 8192 bytes.
-- Rob Mayoff, June 28, 2001
where is this config file? what steps do i have to take once i change
this
config file. do i have to recompile? if so some directions would be
good.
do i add this maxline parameter to my .ini file. is it case sensitive
(ie
is maxline the same thing as MaxLine).
I'd appreciate any responses.
Thanks in advance.
Zamil
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list:
http://www.aolserver.com/listserv.html
List information and options: http://listserv.aol.com/
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list: http://www.aolserver.com/listserv.html
List information and options: http://listserv.aol.com/
Re: [AOLSERVER] nsxml indent
Send me the patch and tell me what the previous version was (i.e. is it the current CVS copy that doesn't do what you expect?). /s. On Monday, March 24, 2003, at 02:35 PM, Daniel P. Stasinski wrote: In the newest nsxml module, is there a way to produce indented output rather than all on one line? My patch to the previous version no longer has any effect. Daniel P. Stasinski Software Engineer Mayor Pharmaceutical Laboratories [EMAIL PROTECTED] -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/ -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/
Re: [AOLSERVER] CGI memory leaks
Hi Matthew, Sounds like a memory leak in nscgi. Can you send me the perl script and your nsd.tcl file? I'll see if I can duplicate the problem, track it down and fix it. thanks, /s. On Friday, March 28, 2003, at 04:57 PM, Matthew Krenzer wrote: I know this subject was addressed a while ago but I'm curious to know if there has been any resolution to this. We have setup a linux box running aolserver 3.5 w/ tcl 8.4.2 and have performed the following tests: 1. Running a very simple perl cgi 2. Running an ADP to do the same as the cgi 3. Running an ADP that execs a command We hammered the snot of the aolserver in each case and case 1 above leaked memory (about 2MB a minute at full throtle) - the other two did not leak memory. In the previous thread it was mentioned that perhaps the leaks were related to 'exec' in a multithreaded app. But in this case, execs from tcl did not result in a leak - only those for the CGI processing. Does anyone know what could cause this or what a potential solution is? (Of course long term we will convert all of our cgis to adps, but that will take time - we'd like to switch out the webserver before then). Any information would be most welcome, Thanks, Matthew -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/ -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/
Re: [AOLSERVER] Issue a post request from AOLSERVER
Go get nsopenssl 2.1 and look at the https.tcl file in that distrubution: I've added ns_httpspost to it, and it even does multipart forms! Take my changes and apply them to the http.tcl file that comes with AOLserver and you'll have what you need. Send me the resulting http.tcl file and I'll commit it to SourceForge on the 3.5 branch. /s. On Thursday, April 3, 2003, at 09:50 AM, Wolfgang Winkler wrote: Hi! Is there an easy way to issue post requests from aolserver like ns_httpget for get requests? wiwo -- Digital Concepts Ideen-Konzepte-Lösungen [EMAIL PROTECTED] www.digital-concepts.com Mobil: +43 699 / 20 88 13 51 Büro: +43 732 / 77 27 27 -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/ -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/
Re: [AOLSERVER] Issue a post request from AOLSERVER
Of course that was easy. What, did you think this was Apache?!? /s. On Thursday, April 3, 2003, at 10:32 AM, Wolfgang Winkler wrote: Hi! I just changed the line from set http [ns_httpsopen POST $url $rqset $timeout $querystring] to set http [ns_httpopen POST $url $rqset $timeout $querystring] and everything seems to work fine. That was easy! wiwo On Thursday 03 April 2003 17:55, you wrote: Go get nsopenssl 2.1 and look at the https.tcl file in that distrubution: I've added ns_httpspost to it, and it even does multipart forms! Take my changes and apply them to the http.tcl file that comes with AOLserver and you'll have what you need. Send me the resulting http.tcl file and I'll commit it to SourceForge on the 3.5 branch. /s. On Thursday, April 3, 2003, at 09:50 AM, Wolfgang Winkler wrote: Hi! Is there an easy way to issue post requests from aolserver like ns_httpget for get requests? wiwo -- Digital Concepts Ideen-Konzepte-Lösungen [EMAIL PROTECTED] www.digital-concepts.com Mobil: +43 699 / 20 88 13 51 Büro: +43 732 / 77 27 27 -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/ -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/ -- Digital Concepts Ideen-Konzepte-Lösungen [EMAIL PROTECTED] www.digital-concepts.com Mobil: +43 699 / 20 88 13 51 Büro: +43 732 / 77 27 27 -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/ -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/
Re: [AOLSERVER] CGI memory leaks
Matthew, I've tracked down the CGI memory leak; it should be fixed in about an hour in both the 3.5 branch and 4.x. /s. On Friday, March 28, 2003, at 04:57 PM, Matthew Krenzer wrote: I know this subject was addressed a while ago but I'm curious to know if there has been any resolution to this. We have setup a linux box running aolserver 3.5 w/ tcl 8.4.2 and have performed the following tests: 1. Running a very simple perl cgi 2. Running an ADP to do the same as the cgi 3. Running an ADP that execs a command We hammered the snot of the aolserver in each case and case 1 above leaked memory (about 2MB a minute at full throtle) - the other two did not leak memory. In the previous thread it was mentioned that perhaps the leaks were related to 'exec' in a multithreaded app. But in this case, execs from tcl did not result in a leak - only those for the CGI processing. Does anyone know what could cause this or what a potential solution is? (Of course long term we will convert all of our cgis to adps, but that will take time - we'd like to switch out the webserver before then). Any information would be most welcome, Thanks, Matthew -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/ -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/
